Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My antivirus says TR\Crypt.ZPACK.Gen7 is a problem [Solved]


  • This topic is locked This topic is locked

#1
quadine

quadine

    New Member

  • Member
  • Pip
  • 6 posts
My AV says C:\users\douche\AppData\roaming\rdhdr.dll is a problem.
I was already getting a ton of popups then one day I opened an email
that I thought was one I was expecting and much to my chagrin, 'twas
a virus. It has changed my Mozilla theme and when it first happened I
couldnt do anything because some sort of security program was preventing
my "infected" files (mozilla etc.) from running. I then ran a scan and
it found some stuff and deleted it. Now I am able to use my computer
pretty much normally aside from the popups and no firefox themes.
From time to time my AV will detect the virus or whatever it is that
I listed in the title. I am running windows 7 and am using antivir antivirus
and spywareblaster anti spyware. Here is my OTL log





OTL logfile created on: 4/2/2013 8:59:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\douche\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 69.25% Memory free
16.00 Gb Paging File | 13.27 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.64 Gb Total Space | 789.71 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
Drive D: | 12.77 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1141.29 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive K: | 7.27 Gb Total Space | 6.86 Gb Free Space | 94.30% Space Free | Partition Type: FAT32

Computer Name: DOUCHE-HP | User Name: douche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
PRC - [2013/03/26 21:41:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2013/03/26 21:41:16 | 000,017,304 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
PRC - [2013/03/13 01:55:12 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/14 15:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2012/08/16 20:38:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/17 15:35:32 | 002,037,096 | ---- | M] (Ralink Technology, Inc.) -- C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
PRC - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/21 18:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/26 21:41:16 | 003,147,672 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\mozjs.dll
MOD - [2013/03/13 01:55:12 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/01 08:44:05 | 000,514,048 | ---- | M] () -- C:\Users\douche\AppData\Roaming\rdhtr.dll
MOD - [2013/02/14 03:27:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/12 03:37:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/12 03:31:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/12 03:31:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 03:31:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7a1844283caf3216c346c268cb373b5d\System.Data.ni.dll
MOD - [2013/01/12 03:31:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/12 03:30:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 03:30:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/12 03:30:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/12 03:30:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 03:30:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/12 03:30:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 03:30:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/14 15:42:22 | 000,077,768 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll
MOD - [2012/12/14 15:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files (x86)\Vuze\aereg.dll
MOD - [2012/12/14 15:42:22 | 000,019,368 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2012/11/25 16:49:21 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/12 22:45:06 | 001,087,336 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
MOD - [2011/11/16 21:24:51 | 000,028,160 | ---- | M] () -- C:\Users\douche\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/08 11:48:51 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/01 21:00:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 21:41:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 01:55:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/12 23:01:12 | 000,447,488 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 17:53:38 | 000,625,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/04/01 13:10:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/29 21:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/10 13:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/05/08 08:51:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 08:51:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 21:00:23 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/01 21:00:18 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/01 21:00:18 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/03 05:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010/04/07 17:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 22:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 22:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPCON/4"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/15 14:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\douche\AppData\Local\RewardsArcade\498\Firefox [2011/12/19 05:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/12 14:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]

[2011/01/15 14:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Extensions
[2013/03/01 08:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions
[2011/01/15 14:35:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/02/24 00:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/10 18:16:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/09/15 12:17:49 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\[email protected]
[2013/03/31 17:05:15 | 000,004,039 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{95af3f23-7446-4c0e-af71-4745bcef4adc}.xpi
[2012/12/29 11:01:42 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\crossrider
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [dganut] rundll32.exe "C:\Users\douche\AppData\Roaming\dganut.dll",Restore File not found
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [jksufkwq] "C:\Users\douche\AppData\Local\oesxwrxm.exe" File not found
O4 - HKCU..\Run: [rdhtr] C:\Users\douche\AppData\Roaming\rdhtr.dll ()
O4 - HKCU..\Run: [WeatherEye] C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\douche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A518D21-C914-457F-8D49-B72527B3C776}: DhcpNameServer = 142.165.21.5 142.165.200.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8B02E6-A7C4-4883-ACF2-B330E47CE3E4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 08:56:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/03/31 17:06:06 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{843B5954-ED46-458D-BEEE-48CC50287E56}
[2013/03/29 21:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/26 21:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9
[2013/03/21 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{73D474BD-36F9-477D-B90E-15B4578DC182}
[2013/03/13 03:22:08 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{557702E6-4735-421A-98F5-B6E1800121C4}
[2013/03/11 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{382B501B-5C04-440B-9796-D6B55015646A}
[2013/03/11 11:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/07 19:30:51 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{26AD0EAA-BB4B-447B-B9B7-A26E224412D3}
[2013/03/07 19:26:02 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:03 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 09:04:52 | 000,006,526 | ---- | M] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx
[2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/04/02 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 08:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/01 18:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/01 11:30:17 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/01 11:30:17 | 000,628,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/01 11:30:17 | 000,110,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/31 17:13:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 17:13:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 17:05:02 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/03/31 17:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/31 17:02:57 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/29 21:35:42 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:27 | 000,105,165 | ---- | M] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/28 08:41:25 | 000,002,109 | ---- | M] () -- C:\Users\douche\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 9.lnk
[2013/03/27 21:38:33 | 000,073,542 | ---- | M] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | M] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/21 03:17:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordouche.job
[2013/03/14 17:49:37 | 000,113,801 | ---- | M] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:44 | 000,125,647 | ---- | M] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/07 19:26:16 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 21:35:42 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:26 | 000,105,165 | ---- | C] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/27 21:38:33 | 000,073,542 | ---- | C] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | C] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/19 13:22:22 | 000,006,526 | ---- | C] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx
[2013/03/14 17:49:36 | 000,113,801 | ---- | C] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:42 | 000,125,647 | ---- | C] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/01 08:51:36 | 000,046,558 | ---- | C] () -- C:\Users\douche\AppData\Local\orvruskm
[2013/03/01 08:49:34 | 000,000,000 | ---- | C] () -- C:\Users\douche\AppData\Roaming\SharedSettings.ccs
[2013/03/01 08:44:01 | 000,514,048 | ---- | C] () -- C:\Users\douche\AppData\Roaming\rdhtr.dll
[2012/08/06 10:13:30 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/08/06 10:13:29 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/19 20:53:12 | 000,007,680 | ---- | C] () -- C:\Users\douche\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 01:53:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/15 19:37:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/18 16:06:27 | 000,001,854 | ---- | C] () -- C:\Users\douche\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/30 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\5300 Series
[2013/04/02 09:10:20 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Azureus
[2011/04/01 10:40:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\FrostWire
[2011/01/14 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Lexmark Productivity Studio
[2012/09/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Nico Mak Computing
[2011/04/08 11:50:21 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\OpenOffice.org
[2010/12/10 23:39:37 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\PictureMover
[2011/04/14 09:38:32 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Research In Motion
[2012/05/03 09:01:11 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Samsung
[2011/04/10 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\SoftGrid Client
[2011/03/21 20:10:40 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TP
[2013/03/29 23:49:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TuneUpMedia
[2013/02/10 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\uTorrent
[2010/12/11 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\WinBatch
[2011/02/01 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:9033BDFB
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:3F2212BB

< End of report >






Also it gave me this "extras" log



OTL Extras logfile created on: 4/2/2013 8:59:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\douche\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 69.25% Memory free
16.00 Gb Paging File | 13.27 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.64 Gb Total Space | 789.71 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
Drive D: | 12.77 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1141.29 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive K: | 7.27 Gb Total Space | 6.86 Gb Free Space | 94.30% Space Free | Partition Type: FAT32

Computer Name: DOUCHE-HP | User Name: douche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163206F-541D-4F13-844B-528F774C1768}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{05A50961-5FB2-407E-81AC-A4EA170E322E}" = rport=137 | protocol=17 | dir=out | app=system |
"{07C49325-B7D6-4165-A0B4-D95E7D9F9DA6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0C5C5D81-5346-4A77-8CC8-1CE1E470AFD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19442926-B4F6-4B5A-BB34-667A881132E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CC25E08-4AF6-4317-92CC-5BAEDAEC586F}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CD4EC23-0A0B-4E21-9AB5-356141E8FDF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F33E899-5B18-4DAE-9321-FB396857D8D3}" = rport=445 | protocol=6 | dir=out | app=system |
"{219F8809-AF68-4038-B879-B959BA6F9271}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2AD384B4-3BDF-4DF2-A22E-20DFABEA3A17}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BFD956F-E2BF-4BA6-A09D-78C31A941501}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{3889A925-63B2-43D3-ACE2-C67E9A21E981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3897B48F-5A3D-47E6-AFCC-649554B9EA7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{436EEE15-A73D-4237-A066-3B9F3B8676EB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4A9AC773-4F8D-4203-9FFC-C92C57A9E52E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F22E41C-B2F2-415A-9538-73BC1DCBB1B0}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{5DDF5AB7-04A6-41A3-9FC6-CCEC0F299EE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{609B011C-9D13-4F8D-A699-56436CA60E83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66840258-D6E1-4B07-BCF7-03103C1B21A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75C1728A-930C-49A8-9C07-00CDE01E2A1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76A0A953-1097-4175-ADED-CECB446CB264}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7CB1D458-5A7E-45A5-B19D-1F8627CBC2E0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BDD841B-899B-4563-819F-562423713765}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8DD74CDB-FCE1-4828-B0E8-30319461BF24}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{9AF348DC-B14C-4E37-A4B0-B06F7308672E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BDF45F1-8DDA-4812-8F7A-1784ED2964CD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9CCC3230-94EC-4F3A-8323-7349BF526F7A}" = lport=445 | protocol=6 | dir=in | app=system |
"{B16CDEE5-6C01-403C-BDF0-DF416BF9BFA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3F95DA5-8438-4521-A89D-B23C3F094179}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B5C21C27-7DDD-4A48-8917-36141B2BFAEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC12911D-4A6E-422F-82C1-B4A39D2DA4DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD71E21F-792D-41C4-BD13-06230671413C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{CB4DF4B3-15BC-407F-A59C-9CA7F14DC7AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{DBF4EC5E-7249-4DFB-A8A7-0F29A90E000E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E86A7EC1-0A9E-46A8-92E2-F190CCFCA2F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E9D264FF-AA10-4481-9E42-06F600E4A4F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB7A3E07-51AC-4D1C-B1A6-E9E936368A0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDA65B09-FF72-44AF-BD78-6C3951D038C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE2148E9-A1EE-4D12-9626-9DCCB358E34D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3676CC1-CEC9-47FA-B1FF-D89E9F53F162}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB459D3B-3843-46EF-A33C-93B310724D90}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6BC79-0780-411E-9DC8-C8C436907CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{02357F61-7557-496A-81F0-86D68306A9DB}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\rawifi.exe |
"{037707F2-353B-45FE-9148-BD6F4160EB89}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0394FA68-379D-41C2-A876-5FECB3803DEC}" = protocol=58 | dir=out | [email protected],-28546 |
"{05C154B0-471B-40C0-9067-A3945D1A5CD6}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{081CEB7D-D6C8-4D65-8FFC-7A9C1B2DD49A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkmon.exe |
"{0D464D4F-0681-414C-9890-451F0313ABE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11A281C8-9B88-4F44-9A5B-8602CED1C764}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5300 series\frun.exe |
"{14020D97-5D88-44DE-8EFF-900A74B39631}" = protocol=6 | dir=out | app=system |
"{1A30F0B1-F65C-46CF-8D39-09CDF267E00E}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{1F76A802-B5C0-4556-9662-038B9C3D0862}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkmon.exe |
"{24297171-0370-4E48-86BF-9B4D9FE07519}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25878DB6-9C58-4669-9A06-FB1D30F6AEF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DF19BC8-812E-4B8E-8E2D-7537FEAA6838}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32847808-7D32-4DC0-9AD3-4E4AECC918BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C613559-A32C-4582-94A2-45414F824868}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5300 series\frun.exe |
"{4C0337A9-A6EB-494F-BFBE-1F08121B9DF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C9A7421-C1A7-4EE5-B1BF-AC32C3B607AE}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkamon.exe |
"{5080A206-BAC5-4D08-9ECF-F0493F077AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{52D14B9A-58A2-41DA-98AD-4EEECDCF9004}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{586AD9CC-E3A5-43FC-9E1D-7E5ABD34F667}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58A17954-0817-4571-861B-8E5CE8A0CA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkfax.exe |
"{5A0C5A12-C01D-4079-B361-0C9E86D8C946}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkamon.exe |
"{601436CC-029F-4E05-B461-70659D9E8DAA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6263E07B-A185-47A2-9309-7E0EED518B0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{639F7BD0-633F-49F1-AEDD-C8471853A6A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{66E7C6F4-DD96-4B90-8777-0080896537D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6703B2ED-B48D-48A7-A608-952588F58B94}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{6881A301-9032-4CCC-A134-04BAC16B5F50}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{697FEF50-AB8F-4C4B-808E-149A3743A380}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E1E9B0D-4915-417F-BF69-25834509B1C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{6FA79E54-95AD-4621-9075-77C026A32837}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73B43A3B-1B42-4E66-8EB6-33D9171DFF9B}" = protocol=1 | dir=in | [email protected],-28543 |
"{73F2EA21-FE6C-41DA-A68B-9CA3B1E24424}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{76323FE9-0610-415E-BF6F-AC1A1B1D6C77}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{7727AAD6-5774-4268-8E18-6117D7086137}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{7DFBDA0D-FDD0-4C45-9389-FCDCA0A05B79}" = protocol=6 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{7FDD9D16-F4BE-45AB-B396-397D8985F75A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{858C4DEB-22E3-4A96-AC0F-BDB4E9CBBB0C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{89E4AE6F-C32D-43C2-8880-E55DD1BFD480}" = protocol=17 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{89F009AA-DFF1-49AD-9EDC-42411464AD4E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdktime.exe |
"{8CB57DA7-8DD0-49C8-9A7C-C464A99AA681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{920ACABE-310F-47C4-9CC3-1F76BD5CC6E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{921BF021-EC61-4B3C-A02A-89525134744F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{92E06684-2B64-4D05-A62B-884DAF433F32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{97610306-B358-4235-9552-849195F18067}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9EE31DC3-3115-49CC-AC9A-D693BEF1C4FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A16B4AA6-72A5-490D-B965-5981062718EE}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{A5FA3E6C-D1E0-486A-A6F8-58AD8AC6B29E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdktime.exe |
"{A7A9F27A-5164-4887-B49A-19949A2E5291}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
"{B4A61EB7-930D-4465-942C-8CA286713C19}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdkcoms.exe |
"{B4B28136-6033-42E3-A0E1-B7412899187D}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6B82CA5-35F1-4294-B24E-6845075BD2FA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B81116DD-E86E-4C04-BC9B-CD2C3592327C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdkpswx.exe |
"{BA9F9AAC-52EB-4E9A-996A-D66FABF9EEB1}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{BAEA07AF-E3C2-4DBE-8C4A-966599B76C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{BC9C95F3-CB37-4CF7-A4D6-BCD9B874D1A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\rawifi.exe |
"{C1205772-D7BF-4823-BB33-CF8C27692CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C26849BD-098D-4B1A-B72A-4CEEA9732D8D}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
"{C27171BA-767A-48F0-A6F8-D682A76EF23C}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{C2E966BF-8F5E-4E18-989F-078C8959B090}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{C3EA0CA3-6817-4338-9055-99CC5366022A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBCF3D4A-7839-4810-83DD-E6337DEE886D}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkfax.exe |
"{CF5F8298-3F97-47BF-BF9D-3497C32C9458}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D2EF5CA1-4D6A-469F-9B19-4A9576642357}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D57C7DEA-5F21-4AD8-9683-712177FA44B2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdkpswx.exe |
"{D9E22DB4-9247-4337-A141-3EE8071F1324}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdkcoms.exe |
"{DE150288-38B3-411F-A200-0ED6075A7499}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E0FD4F57-C110-4AEE-980B-14D6E5798D8E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E77C4A76-EB30-4261-B72E-390A474F17B0}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E9C431C3-3B61-4F22-BFD6-1E02ED1480F3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{ECE61129-483E-4C3F-88FC-0081811B28EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED70E6F4-259E-4B89-A3E5-2166C6AF1FC9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{F6C7CD87-8FFC-4B35-80E1-46A84D3F02C4}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{6DA6F3BF-C303-4597-8839-3101FA0A57A0}C:\program files (x86)\lexmark 5300 series\lxdkmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkmon.exe |
"UDP Query User{E24B8672-38F6-4843-B09E-546F0D1E4ED0}C:\program files (x86)\lexmark 5300 series\lxdkmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5300 series\lxdkmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{58F369B9-E0E8-A7D0-E25B-E2661E33AACC}" = AMD Catalyst Install Manager
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63E44BFE-0E8E-FCDA-D074-D044B8C6FA7F}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02A73CC0-14AD-ACBB-2228-6171E6CC9F0B}" = CCC Help English
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A6C5904-5F82-02D1-F179-CD39E57A8175}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B571E35-11CE-C580-5336-854A0E67752A}" = CCC Help Dutch
"{0D3B83D2-CB54-3E79-EAB9-D237C8F86B8B}" = CCC Help Spanish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{155BE7B4-AF9B-CE38-77B1-7CB2E5A3503B}" = CCC Help Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C9226E9-2E60-0596-E174-81F178E6BBF6}" = CCC Help Chinese Traditional
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E45D838-CCBE-5100-FCD6-35AD40376333}" = CCC Help Polish
"{1EC2EDF7-F10C-43D4-941B-57CDE4652031}" = hppCP1020LaserJetService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24AB4470-F397-F384-DF60-751662BBE6D7}" = CCC Help Korean
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{38BD84CF-3B1D-2982-096F-FC2080818AA3}" = CCC Help Norwegian
"{3DB77A89-EBD3-780F-9C1A-209803B13E5F}" = AMD VISION Engine Control Center
"{3E6F1CD9-5BCE-DA11-B4B4-5946688B11FB}" = CCC Help Chinese Standard
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48549B35-722F-981C-6FA8-60BAF5C9F0AC}" = HydraVision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAFEF8A-7480-C41C-AA08-479A7D48289D}" = Catalyst Control Center Graphics Previews Common
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53BE2698-3558-77EE-471E-B602DDC9E0E0}" = CCC Help Finnish
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}" = HPLaserJetHelp_LearnCenter
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78867899-E5F6-1CCF-D05C-F2A1F024D24E}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{809C0EEE-4B79-463E-6A0C-C0868811F837}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink 802.11n Wireless LAN Card
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{969CB4FB-C9DC-CADB-2AEB-704C9C290A35}" = Catalyst Control Center Profiles Desktop
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A56FFFCA-F2FD-F15D-4DAD-11CD99976972}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACDE3E85-CB61-48D8-B19B-F6D6AA0AA62A}" = Catalyst Control Center - Branding
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C37D1497-5158-F05D-2157-C9FDD9F6F981}" = CCC Help German
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5B8EDBB-A327-443B-5DC6-72E8D6039568}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAB8128-0A44-4A40-24FA-B0FD9A813D51}" = CCC Help Thai
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3CBF4E2-3867-7F36-BEEF-034855248651}" = CCC Help Portuguese
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8E8283E-5FEF-3B4F-77CB-0A2E308E927B}" = CCC Help Hungarian
"{EABEDA07-9421-0B47-EAA9-325377963238}" = CCC Help Greek
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF540BDF-00EF-5607-5ADF-CF7635ABAA74}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2371B1C-C4B8-E13E-F151-DE295FBF8C0F}" = CCC Help Danish
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{F5A846C4-7970-7C65-352B-606C8D376EDB}" = CCC Help Italian
"{FA5CC407-E4B8-FEFD-B03C-2058C7FF20F7}" = CCC Help Russian
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"BFG-Zumas Revenge - Adventure" = Zuma's Revenge - Adventure
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"DivX Setup" = DivX Setup
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TuneUpMedia" = TuneUp 2.4.6.4
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WTA-7d235b9e-1e26-438d-8393-fcc8aa94869e" = Bejeweled 3
"WTA-ede3086c-f8e1-495a-ab7e-7c8cb56c5ad3" = Zuma's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RewardsArcade" = RewardsArcade
"WeatherEye" = WeatherEye

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2012 5:20:33 AM | Computer Name = douche-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPLaserJetService.exe, version: 2.15.599.0,
time stamp: 0x4cc5ee57 Faulting module name: hppccompio.DLL, version: 1.3.0.24,
time stamp: 0x4c9685d0 Exception code: 0xc0000417 Fault offset: 0x000073bf Faulting
process id: 0x6ac Faulting application start time: 0x01cddf5c5575dd8f Faulting application
path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Faulting
module path: C:\Windows\system32\hppccompio.DLL Report Id: abb0fa9d-4b4f-11e2-b56c-d48564a489ed

Error - 12/21/2012 5:30:45 AM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/24/2012 9:22:00 AM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/26/2012 1:41:29 AM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/28/2012 9:32:05 PM | Computer Name = douche-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPLaserJetService.exe, version: 2.15.599.0,
time stamp: 0x4cc5ee57 Faulting module name: hppccompio.DLL, version: 1.3.0.24,
time stamp: 0x4c9685d0 Exception code: 0xc0000417 Fault offset: 0x000073bf Faulting
process id: 0x80c Faulting application start time: 0x01cde5642e6f8ce0 Faulting application
path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Faulting
module path: C:\Windows\system32\hppccompio.DLL Report Id: 8d26a24b-5157-11e2-a865-d48564a489ed

Error - 1/11/2013 2:32:22 PM | Computer Name = douche-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPLaserJetService.exe, version: 2.15.599.0,
time stamp: 0x4cc5ee57 Faulting module name: hppccompio.DLL, version: 1.3.0.24,
time stamp: 0x4c9685d0 Exception code: 0xc0000417 Fault offset: 0x000073bf Faulting
process id: 0x804 Faulting application start time: 0x01cdf029de78bee6 Faulting application
path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Faulting
module path: C:\Windows\system32\hppccompio.DLL Report Id: 3c864dcd-5c1d-11e2-a790-d48564a489ed

Error - 1/11/2013 2:48:39 PM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 1/12/2013 5:25:55 AM | Computer Name = douche-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPLaserJetService.exe, version: 2.15.599.0,
time stamp: 0x4cc5ee57 Faulting module name: hppccompio.DLL, version: 1.3.0.24,
time stamp: 0x4c9685d0 Exception code: 0xc0000417 Fault offset: 0x000073bf Faulting
process id: 0x6cc Faulting application start time: 0x01cdf0a6bcc02065 Faulting application
path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Faulting
module path: C:\Windows\system32\hppccompio.DLL Report Id: 103aa624-5c9a-11e2-93df-d48564a489ed

Error - 2/11/2013 9:12:01 AM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 2/14/2013 5:23:51 AM | Computer Name = douche-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPLaserJetService.exe, version: 2.15.599.0,
time stamp: 0x4cc5ee57 Faulting module name: hppccompio.DLL, version: 1.3.0.24,
time stamp: 0x4c9685d0 Exception code: 0xc0000417 Fault offset: 0x000073bf Faulting
process id: 0x6b8 Faulting application start time: 0x01ce0a94eaa162d8 Faulting application
path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe Faulting
module path: C:\Windows\system32\hppccompio.DLL Report Id: 3e52a83c-7688-11e2-8948-d48564a489ed

Error - 2/16/2013 1:17:27 AM | Computer Name = douche-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

[ Hewlett-Packard Events ]
Error - 4/30/2011 6:22:46 PM | Computer Name = douche-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041130042243.xml
File not created by asset agent

Error - 6/18/2011 6:06:27 PM | Computer Name = douche-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061118040624.xml
File not created by asset agent

Error - 11/10/2011 3:31:54 AM | Computer Name = douche-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/db4b0615_c275_401a_8b40_5389f8a87988/h7cpsgz25j4xvtfk4z6_wb2f_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8191 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 5/12/2012 11:32:26 AM | Computer Name = douche-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/12/2012 11:32:26 AM | Computer Name = douche-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 11:25:21 AM | Computer Name = douche-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 11:25:21 AM | Computer Name = douche-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 9/14/2012 2:21:26 AM | Computer Name = douche-HP | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 3/18/2013 2:54:30 AM | Computer Name = douche-HP | Source = DCOM | ID = 10010
Description =

Error - 3/19/2013 3:54:30 AM | Computer Name = douche-HP | Source = DCOM | ID = 10010
Description =

Error - 3/21/2013 5:18:23 AM | Computer Name = douche-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Ralink
UPnP Media Server service to connect.

Error - 3/21/2013 5:18:38 AM | Computer Name = douche-HP | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/21/2013 10:54:30 AM | Computer Name = douche-HP | Source = DCOM | ID = 10010
Description =

Error - 3/31/2013 4:28:40 PM | Computer Name = douche-HP | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume New Volume encountered
a non-retryable error and could not start. The data contains the error code.

Error - 3/31/2013 4:28:40 PM | Computer Name = douche-HP | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume K:.

Error - 3/31/2013 7:04:08 PM | Computer Name = douche-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:01:17 PM on ?31/?03/?2013 was unexpected.

Error - 3/31/2013 7:05:38 PM | Computer Name = douche-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Ralink
UPnP Media Server service to connect.

Error - 3/31/2013 7:06:11 PM | Computer Name = douche-HP | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can kill this once and for all

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\douche\AppData\Local\RewardsArcade\498\Firefox [2011/12/19 05:35:44 | 000,000,000 | ---D | M]
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps)
O4 - HKCU..\Run: [dganut] rundll32.exe "C:\Users\douche\AppData\Roaming\dganut.dll",Restore File not found
O4 - HKCU..\Run: [jksufkwq] "C:\Users\douche\AppData\Local\oesxwrxm.exe" File not found
O4 - HKCU..\Run: [rdhtr] C:\Users\douche\AppData\Roaming\rdhtr.dll ()
[2013/04/02 09:04:52 | 000,006,526 | ---- | M] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
quadine

quadine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok so i did both of those things heres the otl log but when i ran the adw cleaner and rebooted it wouldnt let me open the log file so i dont know where to retrieve it from


OTL logfile created on: 4/2/2013 3:58:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\douche\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.31% Memory free
16.00 Gb Paging File | 13.95 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.64 Gb Total Space | 792.04 Gb Free Space | 86.22% Space Free | Partition Type: NTFS
Drive D: | 12.77 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1141.29 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive K: | 7.27 Gb Total Space | 6.86 Gb Free Space | 94.30% Space Free | Partition Type: FAT32

Computer Name: DOUCHE-HP | User Name: douche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
PRC - [2013/03/26 21:41:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2012/08/16 20:38:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/17 15:35:32 | 002,037,096 | ---- | M] (Ralink Technology, Inc.) -- C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
PRC - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/21 18:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/26 21:41:16 | 003,147,672 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\mozjs.dll
MOD - [2013/02/14 03:27:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/12 03:37:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/12 03:31:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/12 03:31:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 03:31:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7a1844283caf3216c346c268cb373b5d\System.Data.ni.dll
MOD - [2013/01/12 03:31:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/12 03:30:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 03:30:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/12 03:30:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/12 03:30:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 03:30:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/12 03:30:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 03:30:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/25 16:49:21 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/12 22:45:06 | 001,087,336 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/08 11:48:51 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/01 21:00:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 21:41:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 01:55:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/12 23:01:12 | 000,447,488 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 17:53:38 | 000,625,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/04/01 13:10:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/29 21:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/10 13:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/05/08 08:51:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 08:51:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 21:00:23 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/01 21:00:18 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/01 21:00:18 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/03 05:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010/04/07 17:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 22:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 22:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPCON/4"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/15 14:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/12 14:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]

[2011/01/15 14:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Extensions
[2013/03/01 08:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions
[2011/01/15 14:35:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/02/24 00:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/10 18:16:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/09/15 12:17:49 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\[email protected]
[2013/04/02 15:16:29 | 000,004,039 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{95af3f23-7446-4c0e-af71-4745bcef4adc}.xpi
[2012/12/29 11:01:42 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\crossrider
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [rdhtr] "C:\Windows\System32\rundll32.exe" "C:\Users\douche\AppData\Roaming\rdhtr.dll",AsEncodedObject File not found
O4 - HKCU..\Run: [WeatherEye] C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\douche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A518D21-C914-457F-8D49-B72527B3C776}: DhcpNameServer = 142.165.21.5 142.165.200.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8B02E6-A7C4-4883-ACF2-B330E47CE3E4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 15:46:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/02 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{B5BCF58D-E92F-4EB3-B79E-8D1E39C82989}
[2013/04/02 08:56:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/03/31 17:06:06 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{843B5954-ED46-458D-BEEE-48CC50287E56}
[2013/03/29 21:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/26 21:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9
[2013/03/21 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{73D474BD-36F9-477D-B90E-15B4578DC182}
[2013/03/13 03:22:08 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{557702E6-4735-421A-98F5-B6E1800121C4}
[2013/03/11 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{382B501B-5C04-440B-9796-D6B55015646A}
[2013/03/11 11:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/07 19:30:51 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{26AD0EAA-BB4B-447B-B9B7-A26E224412D3}
[2013/03/07 19:26:02 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:03 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 16:02:22 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 16:02:22 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 15:54:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 15:54:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/04/02 15:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 15:53:38 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 15:49:00 | 000,006,526 | ---- | M] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx
[2013/04/02 15:35:16 | 000,613,083 | ---- | M] () -- C:\Users\douche\Desktop\adwcleaner.exe
[2013/04/02 14:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 14:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/04/01 11:30:17 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/01 11:30:17 | 000,628,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/01 11:30:17 | 000,110,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/29 21:35:42 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:27 | 000,105,165 | ---- | M] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/28 08:41:25 | 000,002,109 | ---- | M] () -- C:\Users\douche\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 9.lnk
[2013/03/27 21:38:33 | 000,073,542 | ---- | M] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | M] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/21 03:17:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordouche.job
[2013/03/14 17:49:37 | 000,113,801 | ---- | M] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:44 | 000,125,647 | ---- | M] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/07 19:26:16 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 15:49:00 | 000,006,526 | ---- | C] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx
[2013/04/02 15:35:15 | 000,613,083 | ---- | C] () -- C:\Users\douche\Desktop\adwcleaner.exe
[2013/03/29 21:35:42 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:26 | 000,105,165 | ---- | C] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/27 21:38:33 | 000,073,542 | ---- | C] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | C] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/14 17:49:36 | 000,113,801 | ---- | C] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:42 | 000,125,647 | ---- | C] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/01 08:51:36 | 000,046,558 | ---- | C] () -- C:\Users\douche\AppData\Local\orvruskm
[2013/03/01 08:49:34 | 000,000,000 | ---- | C] () -- C:\Users\douche\AppData\Roaming\SharedSettings.ccs
[2012/08/06 10:13:30 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/08/06 10:13:29 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/19 20:53:12 | 000,007,680 | ---- | C] () -- C:\Users\douche\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 01:53:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/15 19:37:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/18 16:06:27 | 000,001,854 | ---- | C] () -- C:\Users\douche\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/30 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\5300 Series
[2013/04/02 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Azureus
[2011/04/01 10:40:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\FrostWire
[2011/01/14 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Lexmark Productivity Studio
[2012/09/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Nico Mak Computing
[2011/04/08 11:50:21 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\OpenOffice.org
[2010/12/10 23:39:37 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\PictureMover
[2011/04/14 09:38:32 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Research In Motion
[2012/05/03 09:01:11 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Samsung
[2011/04/10 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\SoftGrid Client
[2011/03/21 20:10:40 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TP
[2013/03/29 23:49:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TuneUpMedia
[2013/02/10 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\uTorrent
[2010/12/11 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\WinBatch
[2011/02/01 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:9033BDFB
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:3F2212BB

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is there not a text file on the desktop ?

A little tidying up now, how is the computer behaving ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O4 - HKCU..\Run: [rdhtr] "C:\Windows\System32\rundll32.exe" "C:\Users\douche\AppData\Roaming\rdhtr.dll",AsEncodedObject File not found
[2013/04/02 15:49:00 | 000,006,526 | ---- | M] () -- C:\Users\douche\AppData\Local\95af3f23-7446-4c0e-af71-4745bcef4adc.crx
[2013/03/01 08:51:36 | 000,046,558 | ---- | C] () -- C:\Users\douche\AppData\Local\orvruskm

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Run Malwarebytes.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#5
quadine

quadine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
My firefox theme is still gone but the popups are gone.
also I havent been able to upgrade my AV via the popup
that comes up as a reminder. It just pops up and wont
allow me to click on anything but ignore or delete.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download and install a fresh copy of your AV and see if that resets it
  • 0

#7
quadine

quadine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok I'll try to download a new copy. Heres the 2 logs;




OTL logfile created on: 4/3/2013 9:10:17 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\douche\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 75.93% Memory free
16.00 Gb Paging File | 13.83 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.64 Gb Total Space | 793.11 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
Drive D: | 12.77 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1141.29 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive K: | 7.27 Gb Total Space | 6.86 Gb Free Space | 94.30% Space Free | Partition Type: FAT32

Computer Name: DOUCHE-HP | User Name: douche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
PRC - [2013/03/26 21:41:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/16 20:38:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/17 15:35:32 | 002,037,096 | ---- | M] (Ralink Technology, Inc.) -- C:\Program Files (x86)\Ralink\Common\RaWiFi.exe
PRC - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/21 18:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/26 21:41:16 | 003,147,672 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\mozjs.dll
MOD - [2013/02/14 03:27:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/12 03:37:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/12 03:31:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/12 03:31:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 03:31:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7a1844283caf3216c346c268cb373b5d\System.Data.ni.dll
MOD - [2013/01/12 03:31:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/12 03:30:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 03:30:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/12 03:30:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/12 03:30:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 03:30:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/12 03:30:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 03:30:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/25 16:49:21 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/12 22:45:06 | 001,087,336 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/01 21:00:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 21:41:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 01:55:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/05/08 08:51:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 08:51:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/12 23:01:12 | 000,447,488 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 17:53:38 | 000,625,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/04/01 13:10:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/29 21:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/10 13:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/05/08 08:51:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 08:51:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 21:00:23 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/01 21:00:18 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/01 21:00:18 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/03 05:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010/04/07 17:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 22:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 22:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{32430699-BE7F-4E0B-8BD5-9BC61443E3E3}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{6429F06D-E02F-4EF6-A4BD-D8471D323726}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{725E7A81-8347-49CE-B8FB-38AE03E50831}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D70415CD-5078-435A-9E8C-159F73670966}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPCON/4"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/15 14:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/12 14:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2013/03/26 21:41:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2013/03/26 21:41:15 | 000,000,000 | ---D | M]

[2011/01/15 14:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Extensions
[2013/04/02 16:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions
[2011/01/15 14:35:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/02/24 00:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/15 12:17:49 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\[email protected]
[2013/04/02 15:16:29 | 000,004,039 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{95af3f23-7446-4c0e-af71-4745bcef4adc}.xpi
[2012/12/29 11:01:42 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\douche\AppData\Roaming\Mozilla\Firefox\Profiles\wph9d4yk.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\crossrider
CHR - Extension: RewardsArcade = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.20.118_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\douche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [WeatherEye] C:\Users\douche\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A518D21-C914-457F-8D49-B72527B3C776}: DhcpNameServer = 142.165.21.5 142.165.200.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8B02E6-A7C4-4883-ACF2-B330E47CE3E4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/03 09:09:21 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{0A2172E3-869B-4E42-832D-167C12D252A9}
[2013/04/03 09:02:41 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Roaming\Malwarebytes
[2013/04/03 09:02:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/03 09:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/03 09:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/03 09:01:34 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\Programs
[2013/04/02 15:46:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/02 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{B5BCF58D-E92F-4EB3-B79E-8D1E39C82989}
[2013/04/02 08:56:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/03/31 17:06:06 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{843B5954-ED46-458D-BEEE-48CC50287E56}
[2013/03/29 21:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/26 21:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9
[2013/03/21 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{73D474BD-36F9-477D-B90E-15B4578DC182}
[2013/03/13 03:22:08 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{557702E6-4735-421A-98F5-B6E1800121C4}
[2013/03/11 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{382B501B-5C04-440B-9796-D6B55015646A}
[2013/03/11 11:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/11 11:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/07 19:30:51 | 000,000,000 | ---D | C] -- C:\Users\douche\AppData\Local\{26AD0EAA-BB4B-447B-B9B7-A26E224412D3}
[2013/03/07 19:26:02 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:03 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 09:07:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/03 09:07:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/04/03 09:06:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/03 09:06:05 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/03 09:02:39 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/03 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 08:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 16:31:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 16:31:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 15:35:16 | 000,613,083 | ---- | M] () -- C:\Users\douche\Desktop\adwcleaner.exe
[2013/04/02 08:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\douche\Desktop\OTL.exe
[2013/04/01 11:30:17 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/01 11:30:17 | 000,628,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/01 11:30:17 | 000,110,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/29 21:35:42 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:27 | 000,105,165 | ---- | M] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/28 08:41:25 | 000,002,109 | ---- | M] () -- C:\Users\douche\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 9.lnk
[2013/03/27 21:38:33 | 000,073,542 | ---- | M] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | M] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/21 03:17:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordouche.job
[2013/03/14 17:49:37 | 000,113,801 | ---- | M] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:44 | 000,125,647 | ---- | M] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/07 19:26:16 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\douche\Desktop\mbam-setup.exe
[2013/03/07 19:23:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\douche\Desktop\iExplore.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/03 09:02:39 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 15:35:15 | 000,613,083 | ---- | C] () -- C:\Users\douche\Desktop\adwcleaner.exe
[2013/03/29 21:35:42 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 22:54:26 | 000,105,165 | ---- | C] () -- C:\Users\douche\Desktop\LcRICes.jpg
[2013/03/27 21:38:33 | 000,073,542 | ---- | C] () -- C:\Users\douche\Desktop\suiGjUg.jpg
[2013/03/26 18:36:19 | 000,001,269 | ---- | C] () -- C:\Users\douche\Desktop\Start Tor Browser - Shortcut.lnk
[2013/03/14 17:49:36 | 000,113,801 | ---- | C] () -- C:\Users\douche\Desktop\gMGgo2q.jpg
[2013/03/11 11:53:21 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/08 10:30:42 | 000,125,647 | ---- | C] () -- C:\Users\douche\Desktop\E25teSl.jpg
[2013/03/01 08:49:34 | 000,000,000 | ---- | C] () -- C:\Users\douche\AppData\Roaming\SharedSettings.ccs
[2012/08/06 10:13:30 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/08/06 10:13:29 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/19 20:53:12 | 000,007,680 | ---- | C] () -- C:\Users\douche\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 01:53:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/15 19:37:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/18 16:06:27 | 000,001,854 | ---- | C] () -- C:\Users\douche\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/30 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\5300 Series
[2013/04/02 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Azureus
[2011/04/01 10:40:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\FrostWire
[2011/01/14 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Lexmark Productivity Studio
[2012/09/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Nico Mak Computing
[2011/04/08 11:50:21 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\OpenOffice.org
[2010/12/10 23:39:37 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\PictureMover
[2011/04/14 09:38:32 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Research In Motion
[2012/05/03 09:01:11 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Samsung
[2011/04/10 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\SoftGrid Client
[2011/03/21 20:10:40 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TP
[2013/03/29 23:49:03 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\TuneUpMedia
[2013/02/10 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\uTorrent
[2010/12/11 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\WinBatch
[2011/02/01 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\douche\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:9033BDFB
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:3F2212BB

< End of report >




Malwarebytes




Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
douche :: DOUCHE-HP [administrator]

Protection: Enabled

03/04/2013 9:20:28 AM
mbam-log-2013-04-03 (09-20-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209639
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did the over install of Avira work \?

Any further outstanding problems ?
  • 0

#9
quadine

quadine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
yes it seems to have worked. My computer seems to be running
well and an Antivir scan reveals no problems so I think I'm good.
Thanks so much for your time and patience.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#11
quadine

quadine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Done and Done! All seems to be well. Thanks again for your help
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure keep safe :wave:
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP