Advertisements and Google re-directing...so far. [Solved]



#1
Munien
New Member, 7 posts

The title says it all really, just started experiencing it today. I have the feeling it is from when I downloaded an extension for Google Chrome, stupidly believing it was actually a flash extension (I thought it was a bit iffy). Though it could be anything as I have downloaded some things. Mainly, can't go to anti-virus websites etc, and getting ads on Facebook, YouTube, etc. that would not normally be there.

It is not too worrying at the moment but I fear it may get worse or something, so I am really trying to get rid of it. (Ps. I already deleted the extension folder in the appdata/local/google/chrome/user/default/extensions (or whatever it is)).

Thank you!

Below are the OTL logs

OTL logfile created on: 11/3/2012 11:41:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\elijahcoulter\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.90 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 50.35% Memory free
5.80 Gb Paging File | 3.48 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 159.80 Gb Free Space | 35.63% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: ELIJAHS-HP | User Name: elijahcoulter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 23:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
PRC - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/13 17:23:11 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/04/13 17:23:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/04/13 17:23:09 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2012/04/11 02:15:28 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\5.1.10411.0\agcp.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/12/14 12:47:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 12:47:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 18:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/23 03:46:07 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/30 05:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2010/05/21 07:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2010/05/21 07:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2010/04/10 10:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/03/02 04:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/03/02 04:26:40 | 000,256,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/01/09 08:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/09 08:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 21:06:15 | 000,460,312 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/10 21:06:13 | 012,435,992 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 21:06:12 | 004,005,912 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 21:04:57 | 000,578,072 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 21:04:55 | 000,123,928 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 21:04:44 | 000,156,712 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 21:04:43 | 000,275,496 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 21:04:42 | 002,168,360 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/06/15 14:49:43 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/15 14:49:21 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 14:49:09 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/15 14:48:59 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 04:35:56 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 04:35:29 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 04:30:50 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 04:30:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 04:30:26 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 04:29:20 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 04:29:11 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 04:29:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 04:29:06 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 04:28:49 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/15 19:55:06 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012/04/15 19:55:06 | 000,077,368 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012/04/15 19:54:11 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/05 12:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2010/02/10 12:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/10 12:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/10 12:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/10 12:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/10 12:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/10 12:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/10 12:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/10 12:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/23 04:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/23 04:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/23 04:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV - [2012/10/13 00:16:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/11 07:44:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/13 17:23:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/04/13 17:23:09 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/12/14 12:47:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 12:46:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/07 11:17:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/23 03:46:07 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 05:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010/05/21 07:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/05/21 07:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010/05/03 22:47:18 | 002,044,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/02 04:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/01/09 08:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/12/16 07:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 12:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2012/09/19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/04/13 17:23:11 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/18 16:25:32 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/01/03 19:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 19:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 19:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 19:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 16:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/11/20 23:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 23:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 23:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 21:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 20:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 20:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 16:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/01 07:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/07/09 09:44:30 | 000,377,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2010/06/18 11:33:08 | 000,021,376 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmnet.sys -- (BTMNET)
DRV - [2010/05/21 06:55:32 | 000,032,896 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2010/04/28 04:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2010/04/10 10:52:48 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010/03/15 14:44:46 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/02/17 06:24:12 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/14 10:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 09:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/18 18:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/03/17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C2ACEA3C-5C6F-431D-A78C-DDDC4CDF450E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-28 11:43:14&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9D36C133-7EC6-42B8-8FA5-A5948032434B}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\..\SearchScopes\{C2ACEA3C-5C6F-431D-A78C-DDDC4CDF450E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:14&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elijahcoulter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elijahcoulter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\elijahcoulter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/18 05:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/05/16 15:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 22:33:59 | 000,000,000 | ---D | M]

[2011/04/09 11:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Extensions
[2012/08/14 22:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Firefox\Profiles\wykj2twh.default\extensions
[2012/08/14 22:13:44 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Firefox\Profiles\wykj2twh.default\extensions\[email protected]
[2011/12/12 09:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/12 09:32:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/16 22:33:59 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\components\nppopcaploader.dll
[2012/06/12 14:44:09 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/12 09:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/12 09:32:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\elijahcoulter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Herp Derp for YouTube\u2122 = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioomnmgjblnnolpdgdhebainmfbipjoh\1.4.2_0\
CHR - Extension: Earth = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\
CHR - Extension: FVD Video Downloader = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.9_0\
CHR - Extension: Gmail = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Inveidg] C:\Users\elijahcoulter\AppData\Roaming\Suel\qibio.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.youplay.c...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DD5AA6F-C853-4F15-8D35-BB875A896C3B}: DhcpNameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06CE74D-F03B-498B-ADE0-92E0FD05C9A5}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\nobuagent.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/26 15:05:18 | 000,206,416 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2012/09/26 15:05:18 | 000,297,180 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{04f2c118-7398-11e0-a4b1-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{04f2c118-7398-11e0-a4b1-1cc1dea767ca}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3dc24f51-60e0-11e0-97bf-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc24f51-60e0-11e0-97bf-1cc1dea767ca}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{57b74ed5-15da-11e2-be0c-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{57b74ed5-15da-11e2-be0c-70f395a40f06}\Shell\AutoRun\command - "" = H:\DVAP.exe
O33 - MountPoints2\{6556ab10-d82f-11e0-977c-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{6556ab10-d82f-11e0-977c-1cc1dea767ca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\{8383fbb5-4ad1-11e0-9a0c-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{8383fbb5-4ad1-11e0-9a0c-70f395a40f06}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{ca81a028-6368-11e0-9cd3-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{ca81a028-6368-11e0-9cd3-70f395a40f06}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\DVAP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 23:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
[2012/11/01 22:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/11/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\InstallShield
[2012/10/31 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012/10/30 21:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/10/30 21:49:40 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\SystemRequirementsLab
[2012/10/30 21:20:12 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\wurm
[2012/10/26 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Desktop\EMILYS PHOTOS FROM SD
[2012/10/26 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Documents\My Spore Creations
[2012/10/26 17:22:17 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\SPORE
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Yqzyy
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Asyzvu
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Apkogi
[2012/10/16 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Toribash
[2012/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/10/12 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Documents\CyberLink
[2012/10/12 21:40:35 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Cyberlink
[2012/10/12 21:40:34 | 000,000,000 | ---D | C] -- C:\My Works
[2012/10/12 21:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/10/12 21:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/10/12 21:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/10/12 21:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/10/10 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Operation Optimization
[2012/10/10 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/03 23:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/03 23:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
[2012/11/03 23:25:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-867254136-3379684773-814447934-1001UA.job
[2012/11/03 22:25:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-867254136-3379684773-814447934-1001Core.job
[2012/11/02 17:03:50 | 000,001,733 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\jvygpjeays4.crx
[2012/11/02 16:34:07 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForelijahcoulter.job
[2012/11/01 22:34:41 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\CoH - Turtle Mod.lnk
[2012/10/27 17:31:16 | 000,020,944 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 17:31:16 | 000,020,944 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 17:30:01 | 001,802,304 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/27 17:30:01 | 000,715,254 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/10/27 17:23:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/27 17:23:45 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 13:39:51 | 000,000,000 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Roaming\DVAP.set
[2012/10/23 13:39:50 | 000,000,026 | ---- | M] () -- C:\windows\DVAP.set
[2012/10/14 19:37:34 | 000,311,536 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/10/10 21:15:03 | 000,000,032 | ---- | M] () -- C:\windows\CD_Start.INI
[2012/10/10 20:25:31 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 17:03:50 | 000,001,733 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Local\jvygpjeays4.crx
[2012/11/01 22:34:41 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\CoH - Turtle Mod.lnk
[2012/10/24 16:14:04 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForelijahcoulter.job
[2012/10/23 13:39:51 | 000,000,000 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Roaming\DVAP.set
[2012/10/23 13:39:50 | 000,000,026 | ---- | C] () -- C:\windows\DVAP.set
[2012/10/12 22:41:53 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2012/10/12 22:41:53 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2012/10/12 22:41:53 | 000,153,088 | ---- | C] () -- C:\windows\System32\xvid.ax
[2012/10/10 07:39:40 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI
[2012/09/23 19:22:40 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2012/09/15 17:46:59 | 000,180,624 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2012/08/17 17:08:04 | 000,000,533 | ---- | C] () -- C:\windows\eReg.dat
[2012/08/05 01:03:12 | 000,001,684 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/07/31 12:24:44 | 000,000,034 | ---- | C] () -- C:\windows\DTLite.INI
[2012/05/26 23:31:37 | 000,000,101 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Local\fusioncache.dat
[2012/05/19 20:14:40 | 000,000,024 | ---- | C] () -- C:\Users\elijahcoulter\random.dat
[2011/12/18 12:03:57 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2011/12/09 11:58:57 | 000,001,849 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Roaming\GhostObjGAFix.xml
[2011/07/23 01:46:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/07/17 21:50:31 | 000,209,408 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/06/07 14:45:29 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/04 15:29:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\9F42DC126C.sys
[2011/05/04 15:29:39 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/04/23 20:48:38 | 000,139,128 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/04/23 20:48:31 | 000,215,128 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/04/23 20:48:26 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/04/12 18:47:36 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2011/04/09 12:22:38 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/02/26 14:08:35 | 000,000,832 | ---- | C] () -- C:\windows\GFact.ini
[2011/02/14 17:24:04 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/02/05 07:49:26 | 000,000,038 | ---- | C] () -- C:\windows\wwwbatch.ini

========== ZeroAccess Check ==========

[2009/07/14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/03 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\.minecraft
[2012/05/04 15:15:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ableton
[2012/09/11 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Afviw
[2012/10/19 05:00:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Apkogi
[2012/10/24 14:18:10 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Asyzvu
[2012/05/28 12:43:37 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\AVG2012
[2012/07/31 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Beyl
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Buad
[2012/11/03 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Buewr
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ciqoa
[2012/10/01 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cisuos
[2012/02/23 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\CometNetwork
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cuyce
[2012/05/04 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cycling '74
[2012/11/01 15:46:08 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\DAEMON Tools Lite
[2011/12/18 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\digipen
[2011/11/13 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Dropbox
[2012/09/23 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ecuttu
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ervyd
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Faso
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Hauh
[2012/09/30 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Idkoc
[2012/08/30 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Imweuf
[2012/08/05 00:45:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\IObit
[2012/07/31 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Kilyo
[2012/09/23 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Kyix
[2012/09/23 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Laywen
[2011/12/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Lionhead Studios
[2011/06/24 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\MakeMusic
[2012/05/10 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade
[2012/06/11 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade Warband
[2012/07/02 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/21 14:36:47 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\My Battle for Middle-earth Files
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Okenu
[2012/07/31 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Origin
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Owec
[2012/05/07 00:46:10 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PACE Anti-Piracy
[2012/08/31 03:35:54 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Pauki
[2011/07/24 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Petroglyph
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Pexen
[2012/09/30 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Povi
[2012/07/30 23:52:09 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PowerISO
[2012/09/15 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PrimoPDF
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Qituwy
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Qudi
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Riigp
[2011/12/18 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Rovio
[2012/03/07 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Samsung
[2012/06/11 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Sandbox
[2012/10/14 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\SoftGrid Client
[2012/09/15 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Softland
[2012/07/31 14:09:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Sowat
[2012/10/26 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\SPORE
[2012/07/31 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Suel
[2012/04/27 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Synthesia
[2012/10/30 21:49:40 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\SystemRequirementsLab
[2012/08/14 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Systweak
[2012/08/30 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Taibog
[2011/02/04 02:26:30 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\TP
[2012/09/23 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Tropico 3
[2012/06/20 19:25:45 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\ts3overlay
[2012/02/23 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\TuneUp Software
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Udha
[2012/05/24 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Unity
[2012/11/03 23:41:19 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\uTorrent
[2011/05/01 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Vodafone
[2011/04/24 02:13:01 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\WildTangent
[2011/07/19 15:52:12 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Windows Live Writer
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Wuir
[2012/09/13 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Wywa
[2012/09/11 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Xihi
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yllify
[2012/10/19 05:00:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yqzyy
[2012/09/14 11:31:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yvadm

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/3/2012 11:41:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\elijahcoulter\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.90 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 50.35% Memory free
5.80 Gb Paging File | 3.48 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 159.80 Gb Free Space | 35.63% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: ELIJAHS-HP | User Name: elijahcoulter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094EF0BD-56E4-49EF-BAF2-3F0D1E774BCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CCA882D-6749-45E9-B5B7-C6ABEC8CF057}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D31806A-0F24-42ED-B33A-6DE183915275}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{226BF0EF-AC93-4335-8247-39AC69D50B87}" = rport=139 | protocol=6 | dir=out | app=system |
"{32EB9BB4-4FE2-4E37-942A-0BC295001657}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A042B88-5ED7-4DD5-BCCC-4299E5A23EC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{405F487E-AF15-49EA-BCCB-D33CBFA75934}" = lport=139 | protocol=6 | dir=in | app=system |
"{46261F30-5BD8-4C48-A783-5200417B1BE6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47689E94-497B-4EFA-A9D1-E4F47EBE4663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5667DEA4-FB15-4EB5-97A7-431C1B6F30AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8AA9B68F-9DAB-4CB1-83FC-BD4CF98A7200}" = lport=56542 | protocol=6 | dir=in | name=pando media booster |
"{8CB2B22B-BF8A-465D-90C1-66F14E280095}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91524561-4AB6-4885-B6C8-A8F333C8E842}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A33343B-6DC4-47FD-93A4-1BD1AE543FF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF32F719-2FEF-452A-ADA7-E492747C2658}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B35E4428-967E-424F-94DB-4F68A05B22E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B70B9014-2E68-4040-AEF9-400A9FB46A53}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1FB86F6-38E2-4459-A046-AC3EC275868B}" = lport=56542 | protocol=6 | dir=in | name=pando media booster |
"{C5C86B30-E0F5-4458-A348-05DFC372004A}" = lport=445 | protocol=6 | dir=in | app=system |
"{C60CE513-65FD-4683-8A55-E7E25DE30B48}" = lport=56542 | protocol=17 | dir=in | name=pando media booster |
"{CFB38501-DD82-4418-8620-41EF4D1139AE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E22A6671-8043-4356-BBEF-6136D6EE5BEB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E933CAA6-858F-4B4A-800B-7BFE7FA0CA9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED6E67F7-D8CC-454F-B738-30D35BD4090F}" = lport=56542 | protocol=17 | dir=in | name=pando media booster |
"{F5E5B6E4-F9EB-48E3-AB99-2A99FCA1D092}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8113D4D-D5B5-427C-B530-C41CF13D341E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8128681-F4AC-4984-BA74-AA33135942B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDFA3684-ADF9-43E1-B9DD-F61934DB647A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A58F84-C775-4B28-9E3B-44F8F5002981}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DF50032-EC07-4E9B-8301-64E80DFE52C8}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe |
"{110A0489-0F4E-491F-B5BA-CF05E86300B0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{12D64EC9-9049-4CB6-A83E-FD735EB2F8A0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1F27A787-106C-4D73-A5BC-3C79DD481A82}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{20935EA5-3758-4F70-956F-5E78205CEC6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{270FC684-2FE3-4D21-824E-E84BB39460F9}" = protocol=58 | dir=out | [email protected],-28546 |
"{28A43F08-52EA-42FF-9E62-E100D5D764ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FA9EEF3-143D-46C1-A0FA-7DB54C40F120}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{3CB7A025-EE72-4AFC-9F65-62B96F8E9847}" = protocol=1 | dir=out | [email protected],-28544 |
"{3DAED5FB-C4B5-4C45-A03A-47900F980C18}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{47DB2D9D-4721-4FA3-BECE-DBB95E069358}" = protocol=6 | dir=in | app=c:\users\elijahcoulter\desktop\utorrent(1).exe |
"{4D43B3D9-D04D-48FA-9E87-55086C127279}" = protocol=6 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{4F63EE7E-FA3A-471C-944C-83158D319920}" = protocol=17 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{551C5C9B-426D-4998-938C-D9150B9D311D}" = protocol=1 | dir=in | [email protected],-28543 |
"{590C6922-FE7B-44E8-836B-81F9308CD389}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5C66F1CA-B67A-4745-AF9A-B00E4C707D60}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{62968A7A-252B-4B6E-9C1F-8A2EF45AD0A3}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe |
"{659B6037-DACA-41D7-B32A-EF49CCB522EC}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{7983C6E2-E885-4A21-9FAD-D549278C1BFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79E0CCC6-8C20-454B-A0A4-FA258580FF86}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"{7BBB73B4-64F5-45FB-A9EE-B6D6AB3E2292}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E7A72FD-E48D-4427-AC1F-CD39D4ABD4AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{832491F4-BC4C-4CAB-80B9-E37B3325D38F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{83FFBEAD-BF67-4187-A7F4-2A4C9D7B6334}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{878957DE-F75A-4022-9904-58A70C3232F3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8A28F8AE-617A-4543-B2C5-78C57D1769E0}" = protocol=17 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{9337B0C0-E084-4230-8ED8-D972BF2DBD24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9841D0D9-F8CE-4388-A092-7FE5AD33CB38}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9AC345E1-9C79-4725-B047-2288664E596D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9AD1B5EE-87A9-4C19-911D-524B862A8F43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A75A647D-3EB0-458D-98A8-531C965F9973}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{A9135E50-3154-4D7D-A9DA-41D7FF187038}" = protocol=6 | dir=out | app=system |
"{A9985927-34DA-42CC-8087-BABE0FB02818}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A9C57E0C-60DE-454C-8671-2B99010E0CE0}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2B10338-1D55-4B22-839C-940ACD8B4B10}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B43B7DC4-7A0E-47BF-A73C-123A5EDE233E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe |
"{B700E491-1455-47FF-A0B6-9670AD133513}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD27CB87-ADB6-4825-9BBB-740C8F6397B3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4048DD4-216E-4C0C-A2A8-C9DCC831ABB0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C947B327-5D58-481F-BEE5-4D78619F912B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C9DC7DCC-FDCC-40AD-B8DF-1BF653660D65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0D93792-38CF-48CC-BC0C-D26BCC1FD203}" = protocol=17 | dir=in | app=c:\users\elijahcoulter\desktop\utorrent(1).exe |
"{D2F8D142-2359-4C7A-BD52-A3F2F24B1915}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\munien\source sdk base\hl2.exe |
"{DA3DC89C-93A3-4092-80C1-5A5DB5917A6F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\munien\source sdk base\hl2.exe |
"{DADF1BC6-89FB-44F1-A8E6-34DC22F0C1B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB7D9FF5-BF23-46A5-B6FE-3B7E80F29CCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBB05CDD-9C32-4778-A038-9A17EA20E3FC}" = protocol=58 | dir=in | [email protected],-28545 |
"{EEF5BC5A-D6EF-4CBD-988D-835D1029DE98}" = protocol=6 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{F525EAAB-CA40-4D55-B858-0B4B9DD3FD61}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{FD4E0CA7-26F9-4613-BBB9-16267E1F80A0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe |
"{FDF9D8F6-6AD2-4A7E-9C10-3872450DE4F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{07B7994D-82CB-476F-9527-AB8E75EB334C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{0A731C25-A24C-4466-B1B9-2F2A4ED0A605}H:\games\battlefield\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=h:\games\battlefield\battlefield 2\bf2.exe |
"TCP Query User{2AED9644-60E9-4A76-8EE0-2F672D7C286D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4063D512-C73E-49DB-A2EA-6689942AEA50}C:\program files\steam\steamapps\munien\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\munien\source sdk base\hl2.exe |
"TCP Query User{475C2D3C-1516-4CF4-B647-016F99DF2387}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{9171445E-6C9C-427D-A61C-564023859FF4}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{C567904D-5DE0-4AEF-9D4C-0791FA5E52B1}C:\users\elijahcoulter\downloads\utorrent(1).exe" = protocol=6 | dir=in | app=c:\users\elijahcoulter\downloads\utorrent(1).exe |
"TCP Query User{F5E2AB59-FE5E-4C47-805B-52E3E80FDB79}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4CE33C76-8B53-439E-AE0F-E349F76A184A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{6F431D16-CFCF-40BF-B65D-5AE9E53EE62E}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{7D1E9301-FA30-4BA8-8DAA-A4BB6BB7EF43}C:\users\elijahcoulter\downloads\utorrent(1).exe" = protocol=17 | dir=in | app=c:\users\elijahcoulter\downloads\utorrent(1).exe |
"UDP Query User{998E2974-29B0-4E1A-9D71-C96F5E4EAAF6}H:\games\battlefield\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=h:\games\battlefield\battlefield 2\bf2.exe |
"UDP Query User{CE63601E-B248-46AB-BDFA-76F2647E0CEE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D86BADA0-B8BF-4929-87BB-B540EE2E60B2}C:\program files\steam\steamapps\munien\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\munien\source sdk base\hl2.exe |
"UDP Query User{E712B24F-66EA-4BEC-ABD2-3D32FF21D14B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{F4C6C3D8-50E5-4838-B3B3-51DA58E5E062}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{01184386-0ED1-4D4E-ACBB-080166F694F2}" = CoH Turtle Mod
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}" = HP ESU for Microsoft Windows 7
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry's Sweet Treats
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1410C34-CCC7-4443-B698-7E9FF42F4FA3}" = Corel Home Office
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-4 (All Users)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"DAEMON Tools Lite" = DAEMON Tools Lite
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Live 8.1.1" = Live 8.1.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Native Instruments FM8" = Native Instruments FM8
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Operation Optimization_is1" = Operation Optimization v1.1.1
"Origin" = Origin
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
"Steam App 11480" = Soldiers: Heroes of World War II
"Steam App 215" = Source SDK Base 2006
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CometBird 11.0 (x86 en-US)" = CometBird 11.0 (x86 en-US)
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2012 12:40:47 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1435

Error - 11/3/2012 5:41:30 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2012 5:41:30 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1716

Error - 11/3/2012 5:41:30 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1716

Error - 11/3/2012 5:41:33 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2012 5:41:33 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4462

Error - 11/3/2012 5:41:33 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4462

Error - 11/3/2012 5:41:34 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2012 5:41:35 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5507

Error - 11/3/2012 5:41:35 AM | Computer Name = elijahs-hp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5507

[ Hewlett-Packard Events ]
Error - 12/8/2011 8:58:56 PM | Computer Name = elijahs-hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121109115851.xml
File not created by asset agent

Error - 12/15/2011 7:11:14 PM | Computer Name = elijahs-hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121116101110.xml
File not created by asset agent

Error - 12/29/2011 6:53:42 PM | Computer Name = elijahs-hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121130095338.xml
File not created by asset agent

Error - 1/12/2012 6:34:02 PM | Computer Name = elijahs-hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011213093339.xml
File not created by asset agent

Error - 1/12/2012 6:34:20 PM | Computer Name = elijahs-hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011213093402.xml
File not created by asset agent

Error - 8/31/2012 12:25:28 AM | Computer Name = elijahs-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 8/31/2012 12:25:28 AM | Computer Name = elijahs-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 8/31/2012 12:25:28 AM | Computer Name = elijahs-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 9/6/2012 10:59:00 PM | Computer Name = elijahs-hp | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/7a875126_03bd_4dd9_908c_12d0b901f07e/r8rkjxslio_tnbiv1xziwnon_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2972 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 9/20/2012 10:12:14 PM | Computer Name = elijahs-hp | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 2972 Ram Utilization: TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

[ System Events ]
Error - 10/8/2012 5:45:09 AM | Computer Name = elijahs-hp | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 10/9/2012 10:55:17 PM | Computer Name = elijahs-hp | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TuneUp.UtilitiesSvc service.

Error - 10/12/2012 4:01:23 AM | Computer Name = elijahs-hp | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/12/2012 9:23:36 AM | Computer Name = elijahs-hp | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 10/12/2012 9:23:36 AM | Computer Name = elijahs-hp | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 10/13/2012 1:31:17 AM | Computer Name = elijahs-hp | Source = bowser | ID = 8003
Description =

Error - 10/18/2012 2:14:02 AM | Computer Name = elijahs-hp | Source = bowser | ID = 8003
Description =

Error - 10/26/2012 9:57:12 PM | Computer Name = elijahs-hp | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:02:53 PM on ?27/?10/?2012 was unexpected.

Error - 10/27/2012 2:23:51 AM | Computer Name = elijahs-hp | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:13:19 PM on ?27/?10/?2012 was unexpected.

Error - 11/2/2012 2:44:54 AM | Computer Name = elijahs-hp | Source = BROWSER | ID = 8032
Description =


< End of report >


Edit:
After deleting the folder, it appears the ads have gone and everything is going normal apart from the redirects.

Edited by Munien, 03 November 2012 - 07:29 AM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's see if this cures the redirects.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - No CLSID value found.
O4 - HKCU..\Run: [Inveidg] C:\Users\elijahcoulter\AppData\Roaming\Suel\qibio.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[2012/10/26 17:22:17 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\SPORE
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Yqzyy
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Asyzvu
[2012/10/19 05:00:28 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Apkogi
[2012/10/16 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Toribash
[2012/10/12 21:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/11/02 17:03:50 | 000,001,733 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\jvygpjeays4.crx
[2012/07/31 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Suel
[2012/09/11 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Xihi
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yllify
[2012/10/19 05:00:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yqzyy
[2012/09/14 11:31:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Yvadm
[2012/09/11 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Afviw
[2012/10/19 05:00:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Apkogi
[2012/10/24 14:18:10 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Asyzvu
[2012/09/23 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ecuttu
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ervyd
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Faso
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Hauh
[2012/09/30 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Idkoc
[2012/08/30 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Imweuf

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
Munien

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the OTL log after rebooting and pressing Quick Scan.

OTL logfile created on: 11/4/2012 3:00:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\elijahcoulter\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.90 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 65.77% Memory free
5.80 Gb Paging File | 4.62 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 163.61 Gb Free Space | 36.48% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: ELIJAHS-HP | User Name: elijahcoulter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 23:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
PRC - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/23 20:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/13 17:23:11 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/04/13 17:23:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/04/13 17:23:09 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/12/14 12:47:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 12:47:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/11/10 20:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 18:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/23 03:46:07 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/30 05:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2010/05/21 07:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2010/05/21 07:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2010/04/10 10:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/03/02 04:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/03/02 04:26:40 | 000,256,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2010/01/09 08:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/09 08:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 21:06:15 | 000,460,312 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/10 21:06:12 | 004,005,912 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 21:04:57 | 000,578,072 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 21:04:55 | 000,123,928 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 21:04:44 | 000,156,712 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 21:04:43 | 000,275,496 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 21:04:42 | 002,168,360 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/06/15 14:49:43 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/15 14:49:21 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 14:49:09 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/15 14:48:59 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 04:35:56 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 04:35:29 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 04:30:50 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 04:30:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 04:30:26 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 04:29:20 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 04:29:11 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 04:29:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 04:29:06 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 04:28:49 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/15 19:55:06 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012/04/15 19:55:06 | 000,077,368 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012/04/15 19:54:11 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/05 12:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/10 12:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/10 12:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/10 12:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/10 12:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/10 12:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/10 12:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/10 12:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/10 12:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/23 04:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/23 04:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/23 04:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV - [2012/10/13 00:16:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/11 07:44:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/13 17:23:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/04/13 17:23:09 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/12/14 12:47:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 12:46:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/07 11:17:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/23 03:46:07 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 05:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010/05/21 07:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/05/21 07:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010/05/03 22:47:18 | 002,044,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/02 04:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/01/09 08:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/12/16 07:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 12:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2012/09/19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/04/13 17:23:11 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/18 16:25:32 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/01/03 19:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 19:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 19:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 19:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 16:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/11/20 23:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 23:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 23:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 21:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 20:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 20:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 16:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/01 07:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/07/09 09:44:30 | 000,377,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2010/06/18 11:33:08 | 000,021,376 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmnet.sys -- (BTMNET)
DRV - [2010/05/21 06:55:32 | 000,032,896 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2010/04/28 04:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2010/04/10 10:52:48 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010/03/15 14:44:46 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/02/17 06:24:12 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/14 10:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 09:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/18 18:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/03/17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C2ACEA3C-5C6F-431D-A78C-DDDC4CDF450E}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-28 11:43:14&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9D36C133-7EC6-42B8-8FA5-A5948032434B}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\..\SearchScopes\{C2ACEA3C-5C6F-431D-A78C-DDDC4CDF450E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:14&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elijahcoulter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elijahcoulter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\elijahcoulter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/18 05:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/05/16 15:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 22:33:59 | 000,000,000 | ---D | M]

[2011/04/09 11:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Extensions
[2012/08/14 22:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Firefox\Profiles\wykj2twh.default\extensions
[2012/08/14 22:13:44 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\elijahcoulter\AppData\Roaming\mozilla\Firefox\Profiles\wykj2twh.default\extensions\[email protected]
[2011/12/12 09:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/12 09:32:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/16 22:33:59 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\components\nppopcaploader.dll
[2012/06/12 14:44:09 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/12 09:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/12 09:32:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\elijahcoulter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Earth = C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\

O1 HOSTS File: ([2012/11/04 02:56:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Inveidg] C:\Users\elijahcoulter\AppData\Roaming\Suel\qibio.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.youplay.c...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DD5AA6F-C853-4F15-8D35-BB875A896C3B}: DhcpNameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06CE74D-F03B-498B-ADE0-92E0FD05C9A5}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\nobuagent.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/26 15:05:18 | 000,206,416 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2012/09/26 15:05:18 | 000,297,180 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{04f2c118-7398-11e0-a4b1-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{04f2c118-7398-11e0-a4b1-1cc1dea767ca}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3dc24f51-60e0-11e0-97bf-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc24f51-60e0-11e0-97bf-1cc1dea767ca}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{57b74ed5-15da-11e2-be0c-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{57b74ed5-15da-11e2-be0c-70f395a40f06}\Shell\AutoRun\command - "" = H:\DVAP.exe
O33 - MountPoints2\{6556ab10-d82f-11e0-977c-1cc1dea767ca}\Shell - "" = AutoRun
O33 - MountPoints2\{6556ab10-d82f-11e0-977c-1cc1dea767ca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\{8383fbb5-4ad1-11e0-9a0c-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{8383fbb5-4ad1-11e0-9a0c-70f395a40f06}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{ca81a028-6368-11e0-9cd3-70f395a40f06}\Shell - "" = AutoRun
O33 - MountPoints2\{ca81a028-6368-11e0-9cd3-70f395a40f06}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\DVAP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 02:56:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/03 23:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
[2012/11/01 22:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/11/01 22:34:16 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\InstallShield
[2012/10/31 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012/10/30 21:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/10/30 21:49:40 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\SystemRequirementsLab
[2012/10/30 21:20:12 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\wurm
[2012/10/26 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Desktop\EMILYS PHOTOS FROM SD
[2012/10/26 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Documents\My Spore Creations
[2012/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/10/12 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\Documents\CyberLink
[2012/10/12 21:40:35 | 000,000,000 | ---D | C] -- C:\Users\elijahcoulter\AppData\Roaming\Cyberlink
[2012/10/12 21:40:34 | 000,000,000 | ---D | C] -- C:\My Works
[2012/10/12 21:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/10/12 21:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/10/12 21:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/10/10 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Operation Optimization
[2012/10/10 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager

========== Files - Modified Within 30 Days ==========

[2012/11/04 03:05:40 | 001,840,832 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/04 03:05:40 | 000,734,922 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/04 03:00:38 | 000,540,977 | ---- | M] () -- C:\Users\elijahcoulter\Desktop\adwcleaner.exe
[2012/11/04 02:58:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/04 02:58:20 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 02:56:42 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/04 02:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 02:25:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-867254136-3379684773-814447934-1001UA.job
[2012/11/04 00:08:09 | 000,020,944 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 00:08:08 | 000,020,944 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 00:00:22 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForelijahcoulter.job
[2012/11/03 23:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\elijahcoulter\Desktop\OTL.exe
[2012/11/03 22:25:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-867254136-3379684773-814447934-1001Core.job
[2012/11/01 22:34:41 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\CoH - Turtle Mod.lnk
[2012/10/23 13:39:51 | 000,000,000 | ---- | M] () -- C:\Users\elijahcoulter\AppData\Roaming\DVAP.set
[2012/10/23 13:39:50 | 000,000,026 | ---- | M] () -- C:\windows\DVAP.set
[2012/10/14 19:37:34 | 000,311,536 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/10/10 21:15:03 | 000,000,032 | ---- | M] () -- C:\windows\CD_Start.INI
[2012/10/10 20:25:31 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini

========== Files Created - No Company Name ==========

[2012/11/04 03:00:34 | 000,540,977 | ---- | C] () -- C:\Users\elijahcoulter\Desktop\adwcleaner.exe
[2012/11/01 22:34:41 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\CoH - Turtle Mod.lnk
[2012/10/24 16:14:04 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForelijahcoulter.job
[2012/10/23 13:39:51 | 000,000,000 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Roaming\DVAP.set
[2012/10/23 13:39:50 | 000,000,026 | ---- | C] () -- C:\windows\DVAP.set
[2012/10/12 22:41:53 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2012/10/12 22:41:53 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2012/10/12 22:41:53 | 000,153,088 | ---- | C] () -- C:\windows\System32\xvid.ax
[2012/10/10 07:39:40 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI
[2012/09/23 19:22:40 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2012/09/15 17:46:59 | 000,180,624 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2012/08/17 17:08:04 | 000,000,533 | ---- | C] () -- C:\windows\eReg.dat
[2012/08/05 01:03:12 | 000,001,684 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/07/31 12:24:44 | 000,000,034 | ---- | C] () -- C:\windows\DTLite.INI
[2012/05/26 23:31:37 | 000,000,101 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Local\fusioncache.dat
[2012/05/19 20:14:40 | 000,000,024 | ---- | C] () -- C:\Users\elijahcoulter\random.dat
[2011/12/18 12:03:57 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2011/12/09 11:58:57 | 000,001,849 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Roaming\GhostObjGAFix.xml
[2011/07/23 01:46:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/07/17 21:50:31 | 000,209,408 | ---- | C] () -- C:\Users\elijahcoulter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/06/07 14:45:29 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/04 15:29:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\9F42DC126C.sys
[2011/05/04 15:29:39 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/04/23 20:48:38 | 000,139,128 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/04/23 20:48:31 | 000,215,128 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/04/23 20:48:26 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/04/12 18:47:36 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2011/04/09 12:22:38 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/02/26 14:08:35 | 000,000,832 | ---- | C] () -- C:\windows\GFact.ini
[2011/02/14 17:24:04 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/02/05 07:49:26 | 000,000,038 | ---- | C] () -- C:\windows\wwwbatch.ini

========== ZeroAccess Check ==========

[2009/07/14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/03 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\.minecraft
[2012/05/04 15:15:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ableton
[2012/05/28 12:43:37 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\AVG2012
[2012/07/31 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Beyl
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Buad
[2012/11/04 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Buewr
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Ciqoa
[2012/10/01 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cisuos
[2012/02/23 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\CometNetwork
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cuyce
[2012/05/04 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Cycling '74
[2012/11/04 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\DAEMON Tools Lite
[2011/12/18 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\digipen
[2011/11/13 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Dropbox
[2012/08/05 00:45:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\IObit
[2012/07/31 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Kilyo
[2012/09/23 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Kyix
[2012/09/23 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Laywen
[2011/12/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Lionhead Studios
[2011/06/24 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\MakeMusic
[2012/05/10 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade
[2012/06/11 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade Warband
[2012/07/02 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/21 14:36:47 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\My Battle for Middle-earth Files
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Okenu
[2012/07/31 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Origin
[2012/09/15 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Owec
[2012/05/07 00:46:10 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PACE Anti-Piracy
[2012/08/31 03:35:54 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Pauki
[2011/07/24 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Petroglyph
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Pexen
[2012/09/30 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Povi
[2012/07/30 23:52:09 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PowerISO
[2012/09/15 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\PrimoPDF
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Qituwy
[2012/08/09 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Qudi
[2012/09/15 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Riigp
[2011/12/18 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Rovio
[2012/03/07 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Samsung
[2012/06/11 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Sandbox
[2012/11/03 23:59:05 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\SoftGrid Client
[2012/09/15 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Softland
[2012/07/31 14:09:14 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Sowat
[2012/04/27 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Synthesia
[2012/10/30 21:49:40 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\SystemRequirementsLab
[2012/08/14 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Systweak
[2012/08/30 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Taibog
[2011/02/04 02:26:30 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\TP
[2012/09/23 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Tropico 3
[2012/06/20 19:25:45 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\ts3overlay
[2012/02/23 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\TuneUp Software
[2012/08/30 03:28:31 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Udha
[2012/05/24 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Unity
[2012/11/03 23:41:19 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\uTorrent
[2011/05/01 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Vodafone
[2011/04/24 02:13:01 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\WildTangent
[2011/07/19 15:52:12 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Windows Live Writer
[2012/09/15 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Wuir
[2012/09/13 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\elijahcoulter\AppData\Roaming\Wywa

========== Purity Check ==========



< End of report >

#4
Munien

    New Member

  • Topic Starter
  • Member
  • 7 posts
And here's the log after rebooting from the AdwCleaner

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 03:12:54
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : elijahcoulter - ELIJAHS-HP
# Boot Mode : Normal
# Running from : C:\Users\elijahcoulter\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-US)

Profile name : default
File : C:\Users\elijahcoulter\AppData\Roaming\Mozilla\Firefox\Profiles\wykj2twh.default\prefs.js

C:\Users\elijahcoulter\AppData\Roaming\Mozilla\Firefox\Profiles\wykj2twh.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B6830490a-f2de-4249-8700-b9d7290a1fad%[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\elijahcoulter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2796 octets] - [04/11/2012 03:12:54]

########## EOF - C:\AdwCleaner[S1].txt - [2856 octets] ##########

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the ads and redirects still apparent?

#6
Munien

    New Member

  • Topic Starter
  • Member
  • 7 posts
No, everything seems back to normal!

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and select Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





