
Chrome redirect issues


ozzie4

I am having issues while doing searches on Chrome where searches get redirected to a program wanting to download Java, or, when I have been searching for cars on Craigslist, I get redirected to Auto Trader.com. The virus only affects Chrome, not IE. I have pasted the latest quick scan from Malware Bytes. Spy Hunter said it detected the Zlob.Trojan virus but wanted money to remove it, and I didn't think it was a good idea to use my credit card online if I have been hijacked. An MSE scan detected several severe threat viruses that it removed.

 

I need help!

Thanks, Dave

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: OZZIE [administrator]

4/28/2013 8:32:31 AM
mbam-log-2013-04-28 (08-32-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250819
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 


 

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)

 

Hello there, Dave

 


 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

- Read the entire procedure.
- It is important to perform ALL actions in sequence.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with me till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.


Hello there,

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

- DDS.com
- DDS.pif

- Disable any script blocking protection (How to Disable your Security Programs)
- Double click the DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.

---------------------------------------------------

- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.

===================================================

 

Please download aswMBR.exe and save it to your desktop.

- Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
- Allow it to update where necessary
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===================================================

 

Download TDSSKiller.exe and save it to your desktop

 

Execute TDSSKiller.exe by double-clicking on it.

Press Start Scan

If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

 

===================================================

 

On your next reply please post :

DDS log

aswMBR log

TDSSKiller log

 

Please STOP and let me know if you have any problems performing the steps above or any questions.

 

Good Day!


Thanks Conspire.

 

Here are the log files:

 


 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-02 21:18:06
-----------------------------
21:18:06.235 OS Version: Windows x64 6.1.7601 Service Pack 1
21:18:06.235 Number of processors: 4 586 0x2505
21:18:06.235 ComputerName: OZZIE UserName: David
21:18:07.342 Initialize success
21:19:09.390 AVAST engine download error: 0
21:19:22.166 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:19:22.182 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
21:19:22.307 Disk 0 MBR read successfully
21:19:22.307 Disk 0 MBR scan
21:19:22.307 Disk 0 Windows 7 default MBR code
21:19:22.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:19:22.338 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461726 MB offset 409600
21:19:22.369 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14910 MB offset 946024448
21:19:22.385 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:19:22.556 Disk 0 scanning C:\Windows\system32\drivers
21:19:30.902 Service scanning
21:20:13.116 Modules scanning
21:20:13.116 Disk 0 trace - called modules:
21:20:13.662 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:20:13.678 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005265060]
21:20:13.678 3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd7050]
21:20:13.693 Scan finished successfully
21:20:44.129 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
21:20:44.144 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

 

21:22:35.0652 6236 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:4221:22:36.0136 6236 ============================================================21:22:36.0136 6236 Current date / time: 2013/05/02 21:22:36.013621:22:36.0136 6236 SystemInfo:21:22:36.0136 6236 21:22:36.0136 6236 OS Version: 6.1.7601 ServicePack: 1.021:22:36.0136 6236 Product type: Workstation21:22:36.0136 6236 ComputerName: OZZIE21:22:36.0136 6236 UserName: David21:22:36.0136 6236 Windows directory: C:Windows21:22:36.0136 6236 System windows directory: C:Windows21:22:36.0136 6236 Running under WOW6421:22:36.0136 6236 Processor architecture: Intel x6421:22:36.0136 6236 Number of processors: 421:22:36.0136 6236 Page size: 0x100021:22:36.0136 6236 Boot type: Normal boot21:22:36.0136 6236 ============================================================21:22:36.0526 6236 Drive DeviceHarddisk0DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004021:22:36.0541 6236 ============================================================21:22:36.0541 6236 DeviceHarddisk0DR0:21:22:36.0541 6236 MBR partitions:21:22:36.0541 6236 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6380021:22:36.0541 6236 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF00021:22:36.0541 6236 DeviceHarddisk0DR0Partition3: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F00021:22:36.0541 6236 DeviceHarddisk0DR0Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x3383021:22:36.0541 6236 ============================================================21:22:36.0573 6236 C: <-> DeviceHarddisk0DR0Partition221:22:36.0619 6236 D: <-> DeviceHarddisk0DR0Partition321:22:36.0635 6236 F: <-> DeviceHarddisk0DR0Partition421:22:36.0635 6236 ============================================================21:22:36.0635 6236 Initialize success21:22:36.0635 6236 

attach.txt

MBR.zip


Please read through these instructions to familiarize yourself with what to expect when this tool runs

 

Refer to the ComboFix User's Guide

 

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT- Save ComboFix.exe to your Desktop

 

====================================================

 

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

 

 

====================================================

 

 

Double click on combofix.exe & follow the prompts.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


-AdwCleaner-

 

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.

[*]Double click on AdwCleaner.exe to run the tool.

[*]Click on Delete.

[*]Confirm each time with Ok.

[*]Your computer will be rebooted automatically. A text file will open after the restart.

[*]Please post the content of that logfile with your next answer.

[*]You can find the logfile at C:\AdwCleaner[s1].txt as well.

===================================================

 

Please download Junkware Removal Tool to your desktop.

[*]Shutdown your antivirus to avoid any conflicts.

[*]Right-mouse click JRT.exe and select Run as administrator

[*]The tool will open and start scanning your system.

[*]Please be patient as this can take a while to complete.

[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

[*]Post the contents of JRT.txt into your next message

===================================================

 

On your next reply please post :

Adwcleaner log

JRT log

 

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


# AdwCleaner v2.300 - Logfile created 05/05/2013 at 13:50:29
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - OZZIE
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

***** [internet Browsers] *****

- Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

- Google Chrome v26.0.1410.64

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1584 octets] - [05/05/2013 13:50:29]

########## EOF - C:\AdwCleaner[s1].txt - [1644 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by David on Sun 05/05/2013 at 14:04:20.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CAA53F35-69CD-4FE9-A16C-A61F64AC1D9F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho82A8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC432.tmp
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machinesoftwarepoliciesgooglechromeextensioninstallforcelist

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 


No change. Just tried doing a search and I get redirected to yellow page.com, for example. Another search sends me to a site prompting me to update Flash Player, which is where this all started, I think.


--RogueKiller--

[*]Download & SAVE to your Desktop RogueKiller or from here

[*]Quit all programs that you may have started.

[*]Please disconnect any USB or external drives from the computer before you run this scan!

[*]For Vista or Windows 7, right-click and select "Run as Administrator" to start

[*]For Windows XP, double-click to start.

[*]Wait until Prescan has finished ...

[*]Then click on the "Scan" button

[*]Wait until the Status box shows "Scan Finished"

[*]Click on "Delete"

[*]Wait until the Status box shows "Deleting Finished"

[*]Click on "Report" and copy/paste the content of the Notepad into your next reply.

[*]The log should be found in RKreport[1].txt on your Desktop

[*]Exit/Close RogueKiller+

Let me know if there are any changes afterwards.

Edited by Conspire

Still no change.

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 05/06/2013 20:20:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PROXY IE] HKCU[...]Internet Settings : ProxyServer (hxxp=<local>) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU[...]System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU[...]System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM[...]System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM[...]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM[...]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:Windowssystem32driversetchosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 +++++
--- User ---
[MBR] 72a8e36e8321df55d34d7537b4ac9ee7
[bSP] b27509906ed6353760ff27ab2267a1ef : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461726 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946024448 | Size: 14910 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8a5dfae4eb1a8446d35e8a56cf4cafd3
[bSP] e2151d113436920a25f533fbf261e165 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[2]_D_05062013_02d2020.txt >>
RKreport[1]_S_05062013_02d2018.txt ; RKreport[2]_D_05062013_02d2020.txt


Ok, I'm going to need a more comprehensive log than DDS.

 

Something tells me it might be one of the extensions or add-ons in Chrome.

 

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

[*]Click on Minimal Output at the top

[*]Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"

[*]Double click inside the Custom Scan box at the bottom

[*]A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"

[*]Click the OK button and navigate to the file scan.txt which we just saved to your desktop

[*]Select scan.txt and click Open. Writing will now appear under the Custom Scan box

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


I followed instructions and ran OTL fine but not OTL Custom. Nothing worked from your 3rd bullet down except that I did get to the "What the Tech" page. When I clicked the only download button there, all I got was a Custom Scan Log, which I posted below.

 

OTL logfile created on: 5/7/2013 6:56:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersDavidDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.35% Memory free
7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 450.90 Gb Total Space | 372.12 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Space | 85.45% Space Free | Partition Type: FAT32

Computer Name: OZZIE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:UsersDavidDesktopOTL.exe (OldTimer Tools)
PRC - C:Program Files (x86)Common FilesComodolauncher_service.exe (Comodo Security Solutions Inc.)
PRC - C:Program Files (x86)Common FilesComodoGeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe (Eastman Kodak Company)
PRC - C:PROGRAM FILES (X86)KODAKAIOSTATUSMONITOREKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:Program Files (x86)KodakAiOStatusMonitorEKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.exe (Microsoft Corporation.)
PRC - C:Program Files (x86)MicrosoftBingBar7.1.361.0BBSvc.exe (Microsoft Corporation.)
PRC - C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (Microsoft Corporation)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (Microsoft Corporation)
PRC - C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe (Intel Corporation)
PRC - C:Program Files (x86)CyberLinkYouCamYCMMirage.exe (CyberLink)
PRC - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe (Roxio)
PRC - C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe (Intel Corporation)
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe (Intel Corporation)
PRC - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)
PRC - C:Program Files (x86)HallmarkHallmark Card Studio 2007 DeluxePlannerPLNRnote.exe (TODO: <Company name>)
PRC - C:Program Files (x86)CanonCALCALMAIN.exe (Canon Inc.)


========== Modules (No Company Name) ==========

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Web5ecf01964c70e453d71e5d7653912ff9System.Web.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Formscb562e2e4f74ae607f1186f6ec50cec7System.Windows.Forms.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32IAStorUtil27649bdc3da750e2e072dedbff56cc0bIAStorUtil.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32IAStorCommon09a468fb987e5a5f345346b0910c89caIAStorCommon.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Runtime.Remo#90b89f6e8032310e9ac72a309fd49e83System.Runtime.Remoting.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawingeead6629e384a5b69f9ae35284b7eeedSystem.Drawing.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32WindowsBasecf827fe7bc99d9bcf0ba3621054ef527WindowsBase.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmlf687c43e9fdec031988b33ae722c4613System.Xml.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Configuration195a77fcc6206f8bb35d419ff2cf0d72System.Configuration.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System369f8bdca364e2b4936d18dea582912cSystem.ni.dll ()
MOD - C:WindowsassemblyNativeImages_v2.0.50727_32mscorlib7150b9136fad5b79e88f6c7f9d3d2c39mscorlib.ni.dll ()
MOD - C:WindowsassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.dll ()
MOD - C:WindowsassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.dll ()
MOD - C:WindowsassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.dll ()
MOD - C:WindowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll ()
MOD - C:Program Files (x86)Common FilesLightScribeQtGui4.dll ()
MOD - C:Program Files (x86)Common FilesLightScribeQtCore4.dll ()
MOD - C:Program Files (x86)Common FilesLightScribepluginsimageformatsqjpeg4.dll ()
MOD - C:WindowsassemblyGAC_MSILAccessibility2.0.0.0__b03f5f7f11d50a3aAccessibility.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (cmdAgent) -- C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe (COMODO)
SRV:64bit: - (STacSV) -- C:Program FilesIDTWDMSTacSV64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CLPSLauncher) -- C:Program Files (x86)Common FilesComodolauncher_service.exe (Comodo Security Solutions Inc.)
SRV - (GeekBuddyRSP) -- C:Program Files (x86)Common FilesComodoGeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (Kodak AiO Network Discovery Service) -- C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:Program Files (x86)KodakAiOStatusMonitorEKPrinterSDK.exe (Eastman Kodak Company)
SRV - (HP Support Assistant Service) -- C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BBUpdate) -- C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:Program Files (x86)MicrosoftBingBar7.1.361.0BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe (Roxio)
SRV - (UNS) -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe (Intel Corporation)
SRV - (LMS) -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:Program Files (x86)CanonCALCALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:Program FilesEnigma Software GroupSpyHunteresgiguard.sys File not found
DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (EsgScanner) -- C:WindowsSysNativedriversEsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:WindowsSysNativedriversstwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )
DRV:64bit: - (Sftvol) -- C:WindowsSysNativedriversSftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:WindowsSysNativedriversSftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:WindowsSysNativedriversSftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:WindowsSysNativedriversSftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:WindowsSysNativedriversSynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:WindowsSysNativedriversBCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:WindowsSysNativedriversiaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:WindowsSysNativedriversclwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:WindowsSysNativedriversRtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:WindowsSysNativedriversIntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:WindowsSysNativedriversImpcd.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:WindowsSysNativedriverssdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:WindowsSysNativedriversbtwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:WindowsSysNativedriversbtwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:WindowsSysNativedriversbtwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:WindowsSysNativedriversbtwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:WindowsSysNativedriversbtwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:WindowsSysNativedriversHECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:WindowsSysNativedriversWSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:WindowsSysNativedriversserscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:WindowsSysNativedriversVSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:WindowsSysNativedriversVSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:WindowsSysNativedriversVSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:WindowsSysNativedriversyk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:WindowsSysNativedriversnetw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (CFRMD) -- C:WindowsSysWOW64driversCFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,Search Bar = http://search.msn.com/spbasic.htm
IE:64bit: - HKLM..SearchScopes,DefaultScope =
IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM..SearchScopes,DefaultScope =
IE - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchMigratedDefaultName = Google
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com
IE - HKCU..URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU..SearchScopes{3E7A29A4-A788-4273-B672-FE68CDBF3926}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyServer" = http=<local>


========== FireFox ==========

FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.20125.0npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WindowsSysWOW64AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)
FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication26.0.1410.64PepperFlashpepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication26.0.1410.64ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication26.0.1410.64pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 9.0ReaderBrowsernppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:UsersDavidAppDataLocalGoogleChromeApplicationpluginsnpMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:Program Files (x86)Javajre6binplugin2npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:WindowsSysWOW64AdobeDirectornp32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrl.dll
CHR - Extension: Google Docs = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.5_0
CHR - Extension: Google Drive = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
CHR - Extension: YouTube = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
CHR - Extension: Google Search = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.20_0
CHR - Extension: Flash Player = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionsmcgihabgillhhnoohpgpmeoklplincpa11_0
CHR - Extension: Gmail = C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

O1 HOSTS File: ([2012/02/11 11:44:38 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:Program FilesWOTWOT.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:Program Files (x86)WOTWOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM..Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:Program FilesWOTWOT.dll ()
O3 - HKLM..Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:Program Files (x86)WOTWOT.dll ()
O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU..ToolbarWebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:Program FilesWOTWOT.dll ()
O3 - HKCU..ToolbarWebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:Program Files (x86)WOTWOT.dll ()
O4:64bit: - HKLM..Run: [COMODO Internet Security] C:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)
O4:64bit: - HKLM..Run: [HotKeysCmds] C:WindowsSysNativehkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe ()
O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..Run: [Persistence] C:WindowsSysNativeigfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.)
O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)
O4 - HKLM..Run: [Conime] %windir%system32conime.exe File not found
O4 - HKLM..Run: [EKStatusMonitor] C:Program Files (x86)KodakAiOStatusMonitorEKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..Run: [gbrspcontrol] C:Program Files (x86)Common FilesComodoGeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..Run: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..Run: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe (Intel Corporation)
O4 - HKLM..Run: [iMSS] C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe ()
O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9:64bit: - Extra Button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 - Extra Button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O15 - HKCU..Trusted Domains: ([]msn in Computer)
O15 - HKCU..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU..Trusted Domains: //@signup.mar@ ([]msn in Computer)
O15 - HKCU..Trusted Domains: myfairpoint.net ([]http in Trusted sites)
O15 - HKCU..Trusted Domains: myfairpoint.net ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 64.222.165.243 64.222.84.243
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}: DhcpNameServer = 64.222.165.243 64.222.84.243
O18:64bit: - ProtocolHandlerlivecall - No CLSID value found
O18:64bit: - ProtocolHandlerms-help - No CLSID value found
O18:64bit: - ProtocolHandlermsnim - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18:64bit: - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program FilesWOTWOT.dll ()
O18 - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program Files (x86)WOTWOT.dll ()
O20:64bit: - AppInit_DLLs: (C:WindowsSystem32guard64.dll) - C:WindowsSysNativeguard64.dll (COMODO)
O20 - AppInit_DLLs: (C:WindowsSysWOW64guard32.dll) - C:WindowsSysWOW64guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWow64userinit.exe (Microsoft Corporation)
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/27 17:37:22 | 000,000,000 | ---- | M] () - C:autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/03/15 10:52:56 | 000,000,398 | ---- | M] () - C:AUTOEXEC.UP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKCU...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 06:55:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersDavidDesktopOTL.exe
[2013/05/06 20:16:02 | 000,000,000 | ---D | C] -- C:UsersDavidDesktopRK_Quarantine
[2013/05/05 14:04:17 | 000,000,000 | ---D | C] -- C:WindowsERUNT
[2013/05/05 14:03:42 | 000,000,000 | ---D | C] -- C:JRT
[2013/05/05 12:29:47 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN
[2013/05/04 18:24:48 | 000,000,000 | ---D | C] -- C:Windowstemp
[2013/05/04 17:49:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe
[2013/05/04 17:49:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe
[2013/05/04 17:49:43 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe
[2013/05/04 17:47:40 | 000,000,000 | ---D | C] -- C:Qoobox
[2013/04/28 13:18:08 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome
[2013/04/27 17:35:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesWise Installation Wizard
[2013/04/10 12:42:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll
[2013/04/10 12:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll
[2013/04/10 12:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll
[2013/04/10 12:42:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll
[2013/04/10 12:42:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll
[2013/04/10 12:42:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll
[2013/04/10 12:42:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe
[2013/04/10 12:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe
[2013/04/10 12:42:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl
[2013/04/10 12:42:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl
[2013/04/10 12:42:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll
[2013/04/10 12:42:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll
[2013/04/10 12:42:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll
[2013/04/10 12:42:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll
[2013/04/10 12:42:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll
[2013/04/10 07:42:40 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemstscax.dll
[2013/04/10 07:42:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mstscax.dll
[2013/04/10 07:42:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeaaclient.dll
[2013/04/10 07:42:38 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64aaclient.dll
[2013/04/10 07:42:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativetsgqec.dll
[2013/04/10 07:42:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64tsgqec.dll
[2013/04/10 07:37:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe
[2013/04/10 07:37:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe
[2013/04/10 07:37:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe
[2013/04/10 07:37:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesmss.exe
[2013/04/10 07:37:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecsrsrv.dll
[2013/04/10 07:37:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64apisetschema.dll
[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/07 06:55:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersDavidDesktopOTL.exe
[2013/05/07 06:43:46 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 06:43:46 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 06:41:22 | 000,737,616 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI
[2013/05/07 06:41:22 | 000,631,948 | ---- | M] () -- C:WindowsSysNativeperfh009.dat
[2013/05/07 06:41:22 | 000,109,776 | ---- | M] () -- C:WindowsSysNativeperfc009.dat
[2013/05/07 06:36:46 | 000,000,892 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job
[2013/05/07 06:36:13 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat
[2013/05/07 06:36:06 | 3062,255,616 | -HS- | M] () -- C:hiberfil.sys
[2013/05/06 21:31:24 | 000,000,896 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job
[2013/05/06 21:31:23 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job
[2013/05/05 15:22:13 | 000,751,114 | ---- | M] () -- C:WindowsSysWow64PerfStringBackup.INI
[2013/04/30 17:49:07 | 000,000,336 | ---- | M] () -- C:WindowstasksHPCeeScheduleForOZZIE$.job
[2013/04/28 13:35:32 | 000,002,279 | ---- | M] () -- C:UsersDavidApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk
[2013/04/28 13:18:08 | 000,002,255 | ---- | M] () -- C:UsersPublicDesktopGoogle Chrome.lnk
[2013/04/27 17:37:22 | 000,000,000 | ---- | M] () -- C:autoexec.bat
[2013/04/27 07:13:39 | 000,000,822 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk
[2013/04/23 20:25:35 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
[2013/04/18 06:51:02 | 000,000,332 | ---- | M] () -- C:WindowstasksHPCeeScheduleForDavid.job
[2013/04/10 17:56:38 | 000,504,384 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT
[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/04 17:49:43 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe
[2013/05/04 17:49:43 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe
[2013/05/04 17:49:43 | 000,098,816 | ---- | C] () -- C:Windowssed.exe
[2013/05/04 17:49:43 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe
[2013/05/04 17:49:43 | 000,068,096 | ---- | C] () -- C:Windowszip.exe
[2013/04/28 13:18:08 | 000,002,279 | ---- | C] () -- C:UsersDavidApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk
[2013/04/28 13:18:08 | 000,002,255 | ---- | C] () -- C:UsersPublicDesktopGoogle Chrome.lnk
[2013/04/27 17:37:22 | 000,000,000 | ---- | C] () -- C:autoexec.bat
[2013/04/27 17:37:02 | 000,022,704 | ---- | C] () -- C:WindowsSysNativedriversEsgScanner.sys
[2011/11/24 09:55:42 | 000,867,020 | ---- | C] () -- C:WindowsSysWow64igkrng575.bin
[2011/11/24 09:55:42 | 000,105,608 | ---- | C] () -- C:WindowsSysWow64igfcg575m.bin
[2011/09/07 18:42:00 | 000,066,856 | ---- | C] () -- C:WindowsSysWow64SynTPEnhPS.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:WindowsSysWow64ig4icd32.dll
[2011/08/28 18:11:24 | 000,073,220 | ---- | C] () -- C:WindowsSysWow64EPPICPrinterDB.dat
[2011/08/28 18:11:24 | 000,031,053 | ---- | C] () -- C:WindowsSysWow64EPPICPattern131.dat
[2011/08/28 18:11:24 | 000,029,114 | ---- | C] () -- C:WindowsSysWow64EPPICPattern1.dat
[2011/08/28 18:11:24 | 000,027,417 | ---- | C] () -- C:WindowsSysWow64EPPICPattern121.dat
[2011/08/28 18:11:24 | 000,021,021 | ---- | C] () -- C:WindowsSysWow64EPPICPattern3.dat
[2011/08/28 18:11:24 | 000,015,670 | ---- | C] () -- C:WindowsSysWow64EPPICPattern5.dat
[2011/08/28 18:11:24 | 000,013,280 | ---- | C] () -- C:WindowsSysWow64EPPICPattern2.dat
[2011/08/28 18:11:24 | 000,010,673 | ---- | C] () -- C:WindowsSysWow64EPPICPattern4.dat
[2011/08/28 18:11:24 | 000,004,943 | ---- | C] () -- C:WindowsSysWow64EPPICPattern6.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_PT.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_BP.dat
[2011/08/28 18:11:24 | 000,001,137 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_ES.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_FR.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_CF.dat
[2011/08/28 18:11:24 | 000,001,104 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_EN.dat
[2011/08/28 18:11:24 | 000,000,097 | ---- | C] () -- C:WindowsSysWow64PICSDK.ini
[2011/08/28 18:09:27 | 000,000,044 | ---- | C] () -- C:WindowsEPCX8400.ini
[2011/06/09 10:28:30 | 000,751,114 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI
[2006/12/23 17:01:28 | 000,000,134 | R--- | C] () -- C:UsersDavidValid.Ext

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
"" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:ProgramDataTemp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:ProgramDataTemp:5C321E34

< End of report >

OTL Extras logfile created on: 5/7/2013 6:56:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersDavidDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.35% Memory free
7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 450.90 Gb Total Space | 372.12 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Space | 85.45% Space Free | Partition Type: FAT32

Computer Name: OZZIE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.html[@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" %1
htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" /p %1
http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" %1
htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" /p %1
http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{056B8E7B-1C47-4D09-8D9C-44D16030B5F1}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14outlook.exe |
"{088F2DAA-F463-47A7-8FC8-46F1B7C6B7A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{08A8BA4A-EEA0-40CE-AE41-F81364325A1F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{22A6B76C-2658-4EFF-A2DF-A3A93A14CA91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
"{263EE6FA-4D19-4167-9B5F-5B2D5485BB13}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C44B412-D7C1-4792-B552-850CFD20FDB4}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{305E954D-AFD3-4213-81DE-45709A8A5CA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
"{3255B96E-CAD3-49CB-8334-9D337F287C56}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AF2DF68-743D-43B3-87AE-6814D15DCA52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{68D5681B-C82E-4ABF-A955-3D5EADD7462B}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7B10A863-B4B4-4A8D-AD2C-2E116C93C78C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C5E29D5-C649-407F-82E9-638A09C4FFDB}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F1F3589-B026-4DEF-9483-60FF9E3F95E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{9229991C-171C-410B-8968-0A8A889CC4E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{A53DA0DA-807E-4C00-BB4F-4132285D50C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C86EBE37-B6DF-4FE5-9223-D6B476A23436}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DB40DBF6-4B40-41F5-914D-A141C30E24F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
"{F2B057D0-0CD1-4CB1-A442-4FDCD737DACB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDA23A39-4D31-4BA2-B19D-9272C55C68F0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{002126DE-ABC8-4B3B-86BE-17F4C597865B}" = protocol=6 | dir=in | app=c:psdpsopenlf.exe |
"{003C0117-D973-4508-BFF4-55AAF9ED1FCC}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenterkodak.statistics.exe |
"{08664DA6-B465-4E23-9D9D-0AC1A685B8DA}" = dir=in | app=c:program files (x86)hewlett-packardhp clouddrivezumodrive.exe |
"{0C360586-05E1-4490-BC7E-2D1DCD05180A}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenteraiohomecenter.exe |
"{0CB8B6C1-078F-4AD4-B9F8-0DF34D125153}" = protocol=17 | dir=in | app=c:psdpsopenlf.exe |
"{281B78B4-E62C-42D6-BE1B-076D2471B071}" = protocol=17 | dir=in | app=c:programdatakodakinstallersetup.exe |
"{471E81B7-CE5C-4D85-8E48-C6A610D3227F}" = protocol=6 | dir=in | app=c:programdatakodakinstallersetup.exe |
"{4993295C-ADDB-4939-AC58-89EB7CE27137}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenternetworkprinterdiscovery.exe |
"{54D1EA7D-64C8-465B-8923-B5652D83E1DC}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |
"{57BD7AD4-9AB0-4F51-B123-0842A2DF50A6}" = protocol=6 | dir=in | app=c:program files (x86)common filescomodotvnserver.exe |
"{5A23A9FE-F35D-4C97-9759-84264E2474B0}" = protocol=6 | dir=in | app=c:program files (x86)common filescomodogeekbuddyrsp.exe |
"{63886391-E52E-4730-88CE-10D6462D674B}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiofirmwarekodakaioupdater.exe |
"{74F71F9D-2AEA-4B42-9EAE-8C40EBFE4DED}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{7A477CCF-086C-4DBA-A2EF-EF124287E1A2}" = dir=in | app=c:program files (x86)hewlett-packardhp support frameworkresourceshpwarrantycheckhpdevicedetection3.exe |
"{7A741100-367D-41A4-9BAD-284D0DC2ED4C}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{7AC36ED4-D944-4424-8186-5D6D7F12DD79}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiocenternetworkprinterdiscovery.exe |
"{7C9C6D48-825D-423A-B138-34DA1695DB97}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.ex


I reposted Custom Scan because I didn't see it above.

 

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


You have to copy/paste this custom scans script into the custom scans box before starting the scan.

The OTL log is partially posted. I think it's the limitation of the board. Attach the logs in your next reply. Thanks

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

OTL logfile created on: 5/8/2013 9:14:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersDavidDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 53.28% Memory free
7.60 Gb Paging File | 5.49 Gb Available in Paging File | 72.24% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 450.90 Gb Total Space | 371.13 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Space | 85.45% Space Free | Partition Type: FAT32

Computer Name: OZZIE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:UsersDavidDesktopOTL.exe (OldTimer Tools)
PRC - C:Program Files (x86)Common FilesComodolauncher_service.exe (Comodo Security Solutions Inc.)
PRC - C:Program Files (x86)Common FilesComodoGeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe (Eastman Kodak Company)
PRC - C:PROGRAM FILES (X86)KODAKAIOSTATUSMONITOREKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:Program Files (x86)KodakAiOStatusMonitorEKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.exe (Microsoft Corporation.)
PRC - C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (Microsoft Corporation)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (Microsoft Corporation)
PRC - C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe (Intel Corporation)
PRC - C:Program Files (x86)CyberLinkYouCamYCMMirage.exe (CyberLink)
PRC - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe (Roxio)
PRC - C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe (Intel Corporation)
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe (Intel Corporation)
PRC - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)
PRC - C:Program Files (x86)HallmarkHallmark Card Studio 2007 DeluxePlannerPLNRnote.exe (TODO: <Company name>)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,Search Bar = http://search.msn.com/spbasic.htm
IE:64bit: - HKLM..SearchScopes,DefaultScope =
IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM..SearchScopes,DefaultScope =
IE - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchMigratedDefaultName = Google
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com
IE - HKCU..URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU..SearchScopes{3E7A29A4-A788-4273-B672-FE68CDBF3926}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyServer" = http=<local>


========== FireFox ==========

FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.20125.0npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WindowsSysWOW64AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)
FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR - Extension: Flash Player = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgihabgillhhnoohpgpmeoklplincpa\11_0
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

O1 HOSTS File: ([2012/02/11 11:44:38 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:Program FilesWOTWOT.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:Program Files (x86)WOTWOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM..Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:Program FilesWOTWOT.dll ()
O3 - HKLM..Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:Program Files (x86)WOTWOT.dll ()
O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU..ToolbarWebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:Program FilesWOTWOT.dll ()
O3 - HKCU..ToolbarWebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:Program Files (x86)WOTWOT.dll ()
O4:64bit: - HKLM..Run: [COMODO Internet Security] C:Program FilesCOMODOCOMODO Internet Securitycfp.exe (COMODO)
O4:64bit: - HKLM..Run: [HotKeysCmds] C:WindowsSysNativehkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe ()
O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..Run: [Persistence] C:WindowsSysNativeigfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.)
O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)
O4 - HKLM..Run: [Conime] %windir%system32conime.exe File not found
O4 - HKLM..Run: [EKStatusMonitor] C:Program Files (x86)KodakAiOStatusMonitorEKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..Run: [gbrspcontrol] C:Program Files (x86)Common FilesComodoGeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..Run: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..Run: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe (Intel Corporation)
O4 - HKLM..Run: [iMSS] C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe ()
O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9:64bit: - Extra Button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 - Extra Button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O15 - HKCU..Trusted Domains: ([]msn in Computer)
O15 - HKCU..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU..Trusted Domains: //@signup.mar@ ([]msn in Computer)
O15 - HKCU..Trusted Domains: myfairpoint.net ([]http in Trusted sites)
O15 - HKCU..Trusted Domains: myfairpoint.net ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 64.222.165.243 64.222.84.243
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}: DhcpNameServer = 64.222.165.243 64.222.84.243
O18:64bit: - ProtocolHandlerlivecall - No CLSID value found
O18:64bit: - ProtocolHandlerms-help - No CLSID value found
O18:64bit: - ProtocolHandlermsnim - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18:64bit: - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program FilesWOTWOT.dll ()
O18 - ProtocolHandlerwot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:Program Files (x86)WOTWOT.dll ()
O20:64bit: - AppInit_DLLs: (C:WindowsSystem32guard64.dll) - C:WindowsSysNativeguard64.dll (COMODO)
O20 - AppInit_DLLs: (C:WindowsSysWOW64guard32.dll) - C:WindowsSysWOW64guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWow64userinit.exe (Microsoft Corporation)
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/27 17:37:22 | 000,000,000 | ---- | M] () - C:autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/03/15 10:52:56 | 000,000,398 | ---- | M] () - C:AUTOEXEC.UP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKCU...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystemsWindows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 06:55:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/05/05 14:04:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/05 14:03:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/05 12:29:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/04 18:24:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/04 17:49:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/04 17:49:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/04 17:49:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/04 17:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/28 13:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/27 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/04/10 12:42:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 12:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 12:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 12:42:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 12:42:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 12:42:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 12:42:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/10 12:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 12:42:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/10 12:42:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 12:42:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 12:42:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 12:42:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 12:42:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 12:42:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 07:42:40 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 07:42:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 07:42:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 07:42:38 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 07:42:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 07:42:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 07:37:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 07:37:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 07:37:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 07:37:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 07:37:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 07:37:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/08 21:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/08 20:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/08 18:23:22 | 000,737,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/08 18:23:22 | 000,631,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/08 18:23:22 | 000,109,776 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/08 18:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/08 17:16:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 17:16:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 17:08:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/08 17:08:21 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/07 06:55:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/05/05 15:22:13 | 000,751,114 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/30 17:49:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOZZIE$.job
[2013/04/28 13:35:32 | 000,002,279 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/28 13:18:08 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/27 17:37:22 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/04/27 07:13:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/23 20:25:35 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 06:51:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid.job
[2013/04/10 17:56:38 | 000,504,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/04 17:49:43 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe
[2013/05/04 17:49:43 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe
[2013/05/04 17:49:43 | 000,098,816 | ---- | C] () -- C:Windowssed.exe
[2013/05/04 17:49:43 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe
[2013/05/04 17:49:43 | 000,068,096 | ---- | C] () -- C:Windowszip.exe
[2013/04/28 13:18:08 | 000,002,279 | ---- | C] () -- C:UsersDavidApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk
[2013/04/28 13:18:08 | 000,002,255 | ---- | C] () -- C:UsersPublicDesktopGoogle Chrome.lnk
[2013/04/27 17:37:22 | 000,000,000 | ---- | C] () -- C:autoexec.bat
[2013/04/27 17:37:02 | 000,022,704 | ---- | C] () -- C:WindowsSysNativedriversEsgScanner.sys
[2011/11/24 09:55:42 | 000,867,020 | ---- | C] () -- C:WindowsSysWow64igkrng575.bin
[2011/11/24 09:55:42 | 000,105,608 | ---- | C] () -- C:WindowsSysWow64igfcg575m.bin
[2011/09/07 18:42:00 | 000,066,856 | ---- | C] () -- C:WindowsSysWow64SynTPEnhPS.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:WindowsSysWow64ig4icd32.dll
[2011/08/28 18:11:24 | 000,073,220 | ---- | C] () -- C:WindowsSysWow64EPPICPrinterDB.dat
[2011/08/28 18:11:24 | 000,031,053 | ---- | C] () -- C:WindowsSysWow64EPPICPattern131.dat
[2011/08/28 18:11:24 | 000,029,114 | ---- | C] () -- C:WindowsSysWow64EPPICPattern1.dat
[2011/08/28 18:11:24 | 000,027,417 | ---- | C] () -- C:WindowsSysWow64EPPICPattern121.dat
[2011/08/28 18:11:24 | 000,021,021 | ---- | C] () -- C:WindowsSysWow64EPPICPattern3.dat
[2011/08/28 18:11:24 | 000,015,670 | ---- | C] () -- C:WindowsSysWow64EPPICPattern5.dat
[2011/08/28 18:11:24 | 000,013,280 | ---- | C] () -- C:WindowsSysWow64EPPICPattern2.dat
[2011/08/28 18:11:24 | 000,010,673 | ---- | C] () -- C:WindowsSysWow64EPPICPattern4.dat
[2011/08/28 18:11:24 | 000,004,943 | ---- | C] () -- C:WindowsSysWow64EPPICPattern6.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_PT.dat
[2011/08/28 18:11:24 | 000,001,140 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_BP.dat
[2011/08/28 18:11:24 | 000,001,137 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_ES.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_FR.dat
[2011/08/28 18:11:24 | 000,001,130 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_CF.dat
[2011/08/28 18:11:24 | 000,001,104 | ---- | C] () -- C:WindowsSysWow64EPPICPresetData_EN.dat
[2011/08/28 18:11:24 | 000,000,097 | ---- | C] () -- C:WindowsSysWow64PICSDK.ini
[2011/08/28 18:09:27 | 000,000,044 | ---- | C] () -- C:WindowsEPCX8400.ini
[2011/06/09 10:28:30 | 000,751,114 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI
[2006/12/23 17:01:28 | 000,000,134 | R--- | C] () -- C:UsersDavidValid.Ext

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
"" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >
[2003/03/15 10:53:08 | 000,002,613 | ---- | M] () -- C:DELLBOOT.EXE
[2003/03/15 10:58:10 | 001,018,975 | ---- | M] () -- C:DELLDIAG.EXE
[2003/03/15 10:58:34 | 000,859,011 | ---- | M] () -- C:DELLTBUI.EXE
[2002/03/29 12:53:52 | 000,047,507 | ---- | M] () -- C:SEAL.EXE
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652dexplorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4explorer.exe
[2011/01/09 06:15:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:WindowsERDNTcache86explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowsexplorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0baexplorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafbexplorer.exe
[2011/01/09 06:12:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41cexplorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:WindowsSysWOW64explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5explorer.exe
[2011/01/09 06:15:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007explorer.exe
[2011/01/09 06:12:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900explorer.exe
[2011/01/09 06:15:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7explorer.exe
[2011/01/09 06:12:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566explorer.exe
[2011/01/09 06:15:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9explorer.exe
[2011/01/09 06:12:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79aeexplorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:WindowsERDNTcache64services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:WindowsSysNativeservices.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:Windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1services.exe
[2002/08/29 06:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:I386SERVICES.EXE

< MD5 for: SVCHOST.EXE >
[2002/08/29 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:I386SVCHOST.EXE
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:WindowsERDNTcache86svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:WindowsSysWOW64svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonsvchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:WindowsERDNTcache64svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:WindowsSysNativesvchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48csvchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:WindowsERDNTcache86userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:WindowsSysWOW64userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:WindowsERDNTcache64userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:WindowsSysNativeuserinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824cuserinit.exe
[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:I386USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:WindowsERDNTcache64winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:WindowsSysNativewinlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829cwinlogon.exe
[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:I386WINLOGON.EXE
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonwinlogon.exe
[2011/01/09 06:15:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042adwinlogon.exe

< %systemroot%*. /rp /s >

< %systemdrive%$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: .PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-60A0RT0
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 199.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 484364517376
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 103.00MB
Starting Offset: 499998785536
Hidden sectors: 0


< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:ProgramDataTemp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:ProgramDataTemp:5C321E34

< End of report >

 

OTL Extras logfile created on: 5/7/2013 6:56:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersDavidDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.35% Memory free
7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 450.90 Gb Total Space | 372.12 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Spac


Here's the extras.txt again. For some reason it didn't post the whole log file.

 

OTL Extras logfile created on: 5/7/2013 6:56:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersDavidDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.35% Memory free
7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 450.90 Gb Total Space | 372.12 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.82 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.62 Mb Free Space | 85.45% Space Free | Partition Type: FAT32

Computer Name: OZZIE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.html[@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" %1
htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" /p %1
http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" %1
htmlfile [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:PROGRA~2MICROS~1Office14msohtmed.exe" /p %1
http [open] -- "C:Program FilesInternet Exploreriexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{056B8E7B-1C47-4D09-8D9C-44D16030B5F1}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14outlook.exe |
"{088F2DAA-F463-47A7-8FC8-46F1B7C6B7A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{08A8BA4A-EEA0-40CE-AE41-F81364325A1F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{22A6B76C-2658-4EFF-A2DF-A3A93A14CA91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
"{263EE6FA-4D19-4167-9B5F-5B2D5485BB13}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C44B412-D7C1-4792-B552-850CFD20FDB4}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{305E954D-AFD3-4213-81DE-45709A8A5CA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
"{3255B96E-CAD3-49CB-8334-9D337F287C56}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AF2DF68-743D-43B3-87AE-6814D15DCA52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{68D5681B-C82E-4ABF-A955-3D5EADD7462B}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7B10A863-B4B4-4A8D-AD2C-2E116C93C78C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C5E29D5-C649-407F-82E9-638A09C4FFDB}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F1F3589-B026-4DEF-9483-60FF9E3F95E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{9229991C-171C-410B-8968-0A8A889CC4E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{A53DA0DA-807E-4C00-BB4F-4132285D50C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C86EBE37-B6DF-4FE5-9223-D6B476A23436}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DB40DBF6-4B40-41F5-914D-A141C30E24F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
"{F2B057D0-0CD1-4CB1-A442-4FDCD737DACB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDA23A39-4D31-4BA2-B19D-9272C55C68F0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{002126DE-ABC8-4B3B-86BE-17F4C597865B}" = protocol=6 | dir=in | app=c:psdpsopenlf.exe |
"{003C0117-D973-4508-BFF4-55AAF9ED1FCC}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenterkodak.statistics.exe |
"{08664DA6-B465-4E23-9D9D-0AC1A685B8DA}" = dir=in | app=c:program files (x86)hewlett-packardhp clouddrivezumodrive.exe |
"{0C360586-05E1-4490-BC7E-2D1DCD05180A}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenteraiohomecenter.exe |
"{0CB8B6C1-078F-4AD4-B9F8-0DF34D125153}" = protocol=17 | dir=in | app=c:psdpsopenlf.exe |
"{281B78B4-E62C-42D6-BE1B-076D2471B071}" = protocol=17 | dir=in | app=c:programdatakodakinstallersetup.exe |
"{471E81B7-CE5C-4D85-8E48-C6A610D3227F}" = protocol=6 | dir=in | app=c:programdatakodakinstallersetup.exe |
"{4993295C-ADDB-4939-AC58-89EB7CE27137}" = protocol=17 | dir=in | app=c:program files (x86)kodakaiocenternetworkprinterdiscovery.exe |
"{54D1EA7D-64C8-465B-8923-B5652D83E1DC}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |
"{57BD7AD4-9AB0-4F51-B123-0842A2DF50A6}" = protocol=6 | dir=in | app=c:program files (x86)common filescomodotvnserver.exe |
"{5A23A9FE-F35D-4C97-9759-84264E2474B0}" = protocol=6 | dir=in | app=c:program files (x86)common filescomodogeekbuddyrsp.exe |
"{63886391-E52E-4730-88CE-10D6462D674B}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiofirmwarekodakaioupdater.exe |
"{74F71F9D-2AEA-4B42-9EAE-8C40EBFE4DED}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{7A477CCF-086C-4DBA-A2EF-EF124287E1A2}" = dir=in | app=c:program files (x86)hewlett-packardhp support frameworkresourceshpwarrantycheckhpdevicedetection3.exe |
"{7A741100-367D-41A4-9BAD-284D0DC2ED4C}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice14onenote.exe |
"{7AC36ED4-D944-4424-8186-5D6D7F12DD79}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiocenternetworkprinterdiscovery.exe |
"{7C9C6D48-825D-423A-B138-34DA1695DB97}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |
"{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}" = protocol=17 | dir=in | app=c:program files (x86)hewlett-packardmediasmartroxionowrnow.exe |
"{8E526251-143C-4534-89BC-4CAD045FA589}" = protocol=6 | dir=in | app=c:program files (x86)hewlett-packardmediasmartroxionowrnow.exe |
"{94691C11-7D1C-492E-9178-1EB455A8B0F1}" = protocol=17 | dir=in | app=c:program files (x86)common filescomodogeekbuddyrsp.exe |
"{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |
"{98A2482D-C0BC-4C73-A28C-5B02F62609B2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}" = dir=in | app=c:program files (x86)windows livemeshmoe.exe |
"{A3FDF3B1-4F6F-4A49-8F5A-40E03348E728}" = protocol=6 | dir=in | app=c:psd2011ps.exe |
"{CD90B0E7-16F6-4B17-8D52-CBCE3DDE0AE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE2AEE0D-4D05-49C0-9DCD-A7174EFD98D8}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiocenterkodak.statistics.exe |
"{D3B29FEB-EF59-46FA-8F3A-EBC54990CECD}" = protocol=17 | dir=in | app=c:program files (x86)common filescomodotvnserver.exe |
"{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}" = protocol=6 | dir=in | app=c:program files (x86)roxioroxionow playerrnowshell.exe |
"{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}" = protocol=17 | dir=in | app=c:program files (x86)roxioroxionow playerrnowshell.exe |
"{DD1CED53-B43A-4DEA-9195-25A44BFAF974}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E83398A0-9326-4183-9869-2D4823A6EE70}" = protocol=6 | dir=in | app=c:program files (x86)kodakaiocenteraiohomecenter.exe |
"{F0A977F5-783D-4D9F-B679-C446EB75BA0B}" = protocol=17 | dir=in | app=c:psd2011ps.exe |
"{F3582637-D7EA-45F6-A0C4-8DB04E9F2FA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F761E628-4F47-4229-BAE8-382DD60C8FAE}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{F88F1C3D-C566-48F6-BB23-439B1AD19B0F}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"TCP Query User{39364C24-5A1D-486A-98CE-81B64174757E}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{49E2B08E-1FC1-4717-A8D7-5412203DC9EB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{96C7005F-1208-4264-9A16-2F7CE9436FBB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{C64D7986-EF66-4EA4-B82D-07E5275E1E4C}C:\users\david\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0616808D-62C9-41ED-B9B0-4DED1D3DCC04}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{352CC71F-B8B1-419C-A62C-1B9D2EABDB2B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{36877452-581E-4332-967A-FD47EFA5BE96}C:\users\david\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{A3D7E879-5B10-4162-B8C1-2CB82C64D88E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40677A8B-B0D6-4D9D-B206-CB734D3C3A1F}" = GeekBuddy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44C05309-60F4-410B-BC32-31733CFF1A49}" = Microsoft Digital Image Suite Anniversary Edition Editor
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB259}" = Microsoft Digital Image Suite Anniversary Edition Library
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}" = Hallmark Card Studio 2007 Deluxe
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C13FE0EE-9F78-4081-A75C-7B4688ED41B2}" = Perfect Secretary 2011
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Cisco Connect" = Cisco Connect
"Comodo Dragon" = Comodo Dragon
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"Info Center_is1" = Info Center 1.0.0.10
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuite_v12" = Microsoft Digital Image Suite Anniversary Edition
"PrintProjects" = PrintProjects
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SlingHealth ActiveX" = SlingHealth ActiveX
"SpywareBlaster_is1" = SpywareBlaster 4.6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2013 3:59:12 PM | Computer Name = OZZIE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/5/2013 6:21:06 PM | Computer Name = OZZIE | Source = Application Error | ID = 1000
Description = Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp:
0x442b232e Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp:
0x4eeaf722 Exception code: 0xc0000005 Fault offset: 0x00009966 Faulting process id:
0xc08 Faulting application start time: 0x01ce49d3eda393ea Faulting application path:
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Faulting module path: C:\Windows\syswow64\msvcrt.dll
Report
Id: 13f0c2a1-b5d2-11e2-8512-cc52af1e8a9b

Error - 5/5/2013 7:00:01 PM | Computer Name = OZZIE | Source = Windows Backup | ID = 4103
Description =

Error - 5/6/2013 5:26:14 PM | Computer Name = OZZIE | Source = Application Error | ID = 1000
Description = Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp:
0x442b232e Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp:
0x4eeaf722 Exception code: 0xc0000005 Fault offset: 0x00009966 Faulting process id:
0xc40 Faulting application start time: 0x01ce4a981cc37afb Faulting application path:
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Faulting module path: C:\Windows\syswow64\msvcrt.dll
Report
Id: 94413843-b693-11e2-80de-cc52af1e8a9b

Error - 5/6/2013 7:23:46 PM | Computer Name = OZZIE | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 7/4/2012 11:07:35 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/4/2012 11:07:35 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/4/2012 11:07:41 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/11/2012 9:15:37 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/11/2012 9:15:37 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/11/2012 9:15:37 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/11/2012 9:15:54 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

Error - 7/29/2012 1:13:59 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 9/29/2012 10:59:54 AM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 10/29/2012 6:23:05 PM | Computer Name = OZZIE | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 4/18/2012 4:55:51 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/04/18 16:55:51.566|000011E8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 9:38:29 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/04/18 21:38:29.437|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 9:40:47 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/04/18 21:40:47.033|00001E38|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/18/2012 9:40:51 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/04/18 21:40:51.097|0000234C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/25/2012 10:41:10 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/04/25 22:41:10.099|00001AA0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/2/2012 9:23:36 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/05/02 21:23:36.266|00001C18|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 9:39:53 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/05/09 21:39:53.454|00001DCC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 9:44:42 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/05/09 21:44:42.324|00000B2C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 9:44:47 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/05/09 21:44:47.787|00001724|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 9:44:52 PM | Computer Name = OZZIE | Source = CaslWmi | ID = 5
Description = 2012/05/09 21:44:52.808|00000724|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 6/2/2011 7:05:50 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/2/2011 7:05:55 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/2/2011 7:05:55 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/4/2012 5:01:12 PM | Computer Name = OZZIE | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 3/16/2012 10:17:28 PM | Computer Name = OZZIE | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 4/18/2012 10:48:33 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 9/26/2012 6:31:51 AM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/19/2012 7:42:32 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/1/2012 10:49:30 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/10/2012 7:23:34 PM | Computer Name = OZZIE | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 5/5/2013 3:22:00 PM | Computer Name = OZZIE | Source = DCOM | ID = 10010
Description =

Error - 5/5/2013 5:03:04 PM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD

Error - 5/5/2013 6:21:07 PM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/6/2013 6:26:39 AM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD

Error - 5/6/2013 4:27:23 PM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD

Error - 5/6/2013 5:26:15 PM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/7/2013 6:36:38 AM | Computer Name = OZZIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD


< End of report >


Not seeing anything on this log particularly on the Chrome extensions.

 

I need you to make a batch file.

 

Open a new Notepad session

[*]Click the Start button, click Run

[*]In the run box type notepad

[*]Click OK

[*]In the notepad, Click "Format" and be certain that Word Wrap is not checked.

[*]Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

@Echo on
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
In the notepad

 

Click File, Save as..., and set the Save in to your Desktop

In the filename box, type (including quotation marks) as the filename: "flush.bat"

Click Save

 

 

You should now have a file on your desktop with an icon like this Posted Image

 

Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off; that's normal.

 

Let me know if there are any changes.


Seems like uninstalling Chrome is the only way.

 

uninstall Chrome completely and remove the user folder,

 

then re-install it if you want to keep Chrome

 

C:\Users\David\AppData\Local\Google\Chrome\User Data

you will need to show hidden files and folders to find that folder

 

Also, if you have utilized Chrome's "sync" ability, that may be bringing the infection back as well

 

you need to uninstall

 

check the section for "delete your synced data from your Google Account" at the bottom of the page

 

http://support.google.com/chrome/bin/answer.py?hl=en&answer=185277

Edited by Conspire
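
An added example, not part of the original posts: before the User Data folder named above is deleted, this Python sketch inventories the extensions unpacked under each profile and flags any that can run on every site, which is the access a search-redirecting extension needs and what sync would restore. The `<profile>\Extensions\<id>\<version>\manifest.json` layout is Chrome's; the sample tree, ids and names are constructed for the demo.

```python
import json, tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # patterns that match every site

def load(path):  # parse a JSON object; {} if missing, corrupt or not an object
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def display_name(ext_dir, manifest):
    """Resolve a localized __MSG_key__ name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "?")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        for key, entry in load(ext_dir / "_locales" / locale / "messages.json").items():
            if key.lower() == name[6:-2].lower():  # message keys are case-insensitive
                return entry.get("message", name)
    return name

def list_extensions(user_data):
    """One record per unpacked extension version under each profile in user_data."""
    records = []
    for path in sorted(Path(user_data).glob("*/Extensions/*/*/manifest.json")):
        manifest = load(path)  # an unreadable manifest is still listed, with name "?"
        patterns = [p for s in manifest.get("content_scripts", []) for p in s.get("matches", [])]
        patterns += manifest.get("permissions", []) + manifest.get("host_permissions", [])
        records.append({"profile": path.parents[3].name, "id": path.parents[1].name,
                        "name": display_name(path.parent, manifest),
                        "all_sites": any(isinstance(p, str) and p in BROAD for p in patterns)})
    return records

def build_sample(root):
    """Write a constructed profile tree (made-up ids and names) for the demo."""
    a, b = (Path(root) / "Default" / "Extensions" / (c * 32) / "1.0_0" for c in "ab")
    files = {
        a / "manifest.json": {"name": "__MSG_appName__", "default_locale": "en",
                              "content_scripts": [{"matches": ["<all_urls>"]}]},
        a / "_locales" / "en" / "messages.json": {"appName": {"message": "Search Helper"}},
        b / "manifest.json": {"name": "Notes", "permissions": ["storage"]}}
    for path, data in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(data), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*list_extensions(tmp), sep="\n")
```

On a real machine, pass the User Data path from the post to `list_extensions` instead of the temporary sample directory.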

This topic is now closed to further replies.