ak24

Great! I also think system is clean now. Thanks for your help!

Hi, I cannot manually delete this folder. It gives me "Try Again" option. Other than this query do you think my machine is currently free from malware?

Hi, I followed the steps. Above are my OTL and Extras reports. Please let me know. Thanks in advance.

OTL Extras logfile created on: 8/7/2012 7:32:14 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\hp\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.33% Memory free 8.03 Gb Paging File | 5.88 Gb Available in Paging File | 73.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.66 Gb Total Space | 68.21 Gb Free Space | 30.77% Space Free | Partition Type: NTFS Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = E3 FE 03 F9 6F 85 CC 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{473E65D6-5CBA-4408-A921-4CD7F203A3C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0921ECAD-29FF-4A2C-AC21-19920DBCA94F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0CE613AF-A7B1-411F-AF71-7196B009CC26}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{132A733C-7838-4E47-98F2-D067536C87B2}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | "{1A09A9CA-A2B4-4FC9-B571-ADFC473698C1}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{1B7EBDCB-A3D1-4B82-9A5C-D3803AEAA04F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{6180A0CD-4A82-4848-AD2C-3A0B44A0DBD0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | "{7350D483-6705-4E25-971C-B31AD9D32018}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{75D5D6E9-09A6-40E0-A0F3-56166365CC1A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{776173E1-53B5-4C56-A87C-65F8F926B6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8EC67706-7559-43EC-8EB3-6F26C4412D92}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{96676722-B681-4FBC-AC5F-5D3176CA6AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{99DB1C28-742B-4664-87BF-F9E14C1DFCCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A0D54485-EB40-4C7C-B813-25F4D788D1FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{AE52FAA6-E03F-49FB-AE36-9585CB55C11D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{B6DE3A6A-561C-4C0D-A54F-01EDFF9C5E70}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BB397D14-E001-484C-8342-A053508C39FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BBEC3E57-03AA-47F6-B3BB-088657E9ABF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BE7EADF6-BE92-47C4-8E25-0D94E300F922}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{BEC6E3A2-8EB0-41FE-87FC-FDF76CE5F877}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{BF371715-6869-46F0-A80F-B134F1DFA6A5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C9B83AE3-5A30-4BA8-AACF-25C0DD88292D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CDC01749-B9C2-4F33-A15C-D66F0A60919B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{DA439475-71DA-4D0C-AD39-A2CDB27A6D8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{DD6B4C00-1F59-49FE-848C-EF755B325610}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{F88267F7-BA33-4B5A-8F62-E38108251ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{F9B9427B-5DD7-4BB1-8E54-874D3712E431}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FE43069C-8EF7-4126-8555-6809A29431F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2 "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English "{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software "Agere Systems Soft Modem" = Agere Systems HDA Modem "AutoCAD 2010 - English" = AutoCAD 2010 - English "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766 "HDMI" = Intel® Graphics Media Accelerator Driver "HP Photosmart Essential" = HP Photosmart Essential 2.5 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Veoh Manager "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3 "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1 "{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{DC812C48-0BC8-4718-B584-407EC4D87BAA}" = Building Design and Construction Systems "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ENTERPRISE" = Microsoft Office Enterprise 2007 "Giraffic" = Veoh Giraffic Video Accelerator "GMailFS" = GMail Drive Shell Extension "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04 "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Picasa 3" = Picasa 3 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VideoLAN VLC media player 0.8.6c "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR 4.01 (32-bit) "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/7/2012 10:24:21 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6919783 Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6922529 Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6922529 Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6923574 Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6923574 Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6925165 Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6925165 [ OSession Events ] Error - 1/31/2012 2:57:24 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14898 seconds with 4200 seconds of active time. This session ended with a crash. Error - 2/6/2012 1:00:49 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 171 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 8/2/2012 11:42:13 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 8/2/2012 11:42:13 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 8/5/2012 3:02:45 AM | Computer Name = hp-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 5:49:35 PM on 8/4/2012 was unexpected. Error - 8/5/2012 3:05:10 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 8/5/2012 3:25:19 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:49:40 AM on 8/5/2012 was unexpected. Error - 8/5/2012 3:27:19 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 8/5/2012 9:22:05 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 4:59:01 PM on 8/5/2012 was unexpected. Error - 8/6/2012 11:30:48 AM | Computer Name = hp-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:24:00 PM on 8/5/2012 was unexpected. Error - 8/6/2012 11:33:25 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 8/6/2012 8:21:46 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = < End of report >

OTL logfile created on: 8/7/2012 7:32:14 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\hp\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.33% Memory free 8.03 Gb Paging File | 5.88 Gb Available in Paging File | 73.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.66 Gb Total Space | 68.21 Gb Free Space | 30.77% Space Free | Partition Type: NTFS Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/07 19:30:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe PRC - [2012/07/10 19:45:04 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2012/07/02 08:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe PRC - [2009/04/10 23:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe ========== Modules (No Company Name) ========== MOD - [2012/07/30 22:36:14 | 000,442,392 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll MOD - [2012/07/30 22:36:13 | 012,235,288 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll MOD - [2012/07/30 22:36:12 | 003,997,720 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll MOD - [2012/07/30 22:34:45 | 000,144,424 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll MOD - [2012/07/30 22:34:43 | 000,266,792 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll MOD - [2012/07/30 22:34:42 | 002,480,680 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll MOD - [2012/06/29 20:42:26 | 004,051,456 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll MOD - [2012/06/29 20:42:26 | 000,100,864 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe MOD - [2008/04/23 23:51:56 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll MOD - [2008/04/23 23:51:40 | 000,120,200 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll MOD - [2008/04/23 23:51:40 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll MOD - [2008/04/23 23:51:30 | 000,259,472 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/05 20:39:50 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/03/26 02:46:54 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService) SRV:64bit: - [2008/04/28 14:24:26 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe -- (STacSV) SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService) SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vfsFPService.exe -- (vfsFPService) SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV) DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx) DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2008/04/28 14:24:54 | 000,454,656 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV) DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf) DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL) DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091} IE:64bit: - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111917&babsrc=SP_ss&mntrId=806a5f170000000000000021867741ae IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{E4F8A3B6-6028-44FB-8E36-2BE00213527B}: "URL" = http://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/01 04:39:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/03/10 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions [2012/07/18 21:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\hp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.40_0\ CHR - Extension: Gmail = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe () O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [googletalk] C:\Users\hp\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C73E1A7-0495-4270-AB4C-6E7810F2C3CB}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCDA36D-D73A-49E8-A275-B62EA1A60C6F}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\hp\Desktop\latest pics\DSC08216-crpd final.jpg O24 - Desktop BackupWallPaper: C:\Users\hp\Desktop\latest pics\DSC08216-crpd final.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/05 20:10:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell - "" = AutoRun O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/07 19:30:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2012/08/06 23:09:43 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\My Keypoint [2012/08/06 15:28:57 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\COCKTAIL [2012/08/06 15:28:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\JISM 2 [2012/08/06 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\EK THA TIGER [2012/08/03 14:30:49 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\good old memories [2012/07/27 07:29:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/07/27 07:29:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows [2012/07/25 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\latest pics [2012/07/18 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/18 22:05:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/18 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/07/18 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/07/18 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/07/18 20:41:38 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/07/15 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes [2012/07/15 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/15 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/11 13:07:36 | 000,000,000 | ---D | C] -- C:\2dabcaa47b27aeae096d8cbf4317 [2012/07/11 09:37:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/11 09:37:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/11 09:37:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/11 09:37:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/11 09:37:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/11 09:37:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/11 09:37:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/11 09:37:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/11 09:37:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/11 09:37:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/11 09:37:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/11 09:37:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/11 09:37:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/10 14:04:34 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/08 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2012/07/08 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012/07/08 20:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010 [2012/07/08 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Statements_Chase [2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/07 19:30:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2012/08/07 19:24:31 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000UA.job [2012/08/07 19:24:29 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job [2012/08/07 19:24:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/06 23:40:54 | 000,174,681 | ---- | M] () -- C:\Users\hp\Desktop\PGE Aug Payment.pdf [2012/08/06 23:03:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 23:03:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 17:20:27 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/08/06 17:19:49 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job [2012/08/06 17:19:27 | 4193,214,464 | -HS- | M] () -- C:\hiberfil.sys [2012/08/06 15:54:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/08/06 14:52:15 | 000,706,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/06 14:52:15 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/06 14:52:15 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/03 19:50:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000Core.job [2012/08/02 23:32:31 | 000,056,320 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/02 20:53:37 | 000,139,264 | ---- | M] () -- C:\Users\hp\Desktop\SystemLook.exe [2012/08/02 08:05:56 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk [2012/07/30 23:28:53 | 003,078,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/19 00:12:18 | 000,000,104 | ---- | M] () -- C:\Users\hp\Desktop\Recycle Bin - Shortcut.lnk [2012/07/18 21:42:12 | 000,003,437 | ---- | M] () -- C:\user.js [2012/07/18 20:43:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/18 20:42:40 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/17 06:36:03 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2012/07/08 20:34:46 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk [2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/07 19:26:21 | 000,101,081 | ---- | C] () -- C:\Users\hp\Desktop\Comcast August.pdf [2012/08/07 19:26:15 | 000,078,182 | ---- | C] () -- C:\Users\hp\Desktop\Amex 62000 August 07.pdf [2012/08/07 19:26:13 | 000,077,501 | ---- | C] () -- C:\Users\hp\Desktop\Amex 41006 August 07.pdf [2012/08/07 19:26:12 | 000,090,344 | ---- | C] () -- C:\Users\hp\Desktop\Citibank August 07.pdf [2012/08/06 23:40:52 | 000,174,681 | ---- | C] () -- C:\Users\hp\Desktop\PGE Aug Payment.pdf [2012/08/02 20:53:31 | 000,139,264 | ---- | C] () -- C:\Users\hp\Desktop\SystemLook.exe [2012/07/19 00:12:18 | 000,000,104 | ---- | C] () -- C:\Users\hp\Desktop\Recycle Bin - Shortcut.lnk [2012/07/18 21:43:09 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job [2012/07/18 21:43:07 | 000,000,360 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job [2012/07/18 20:42:51 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/07/18 20:42:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/15 20:52:32 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/07/08 20:34:46 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk [2011/11/14 04:21:20 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2011/10/01 15:49:28 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Roaming\.googlewebacchosts [2011/09/28 22:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011/09/28 22:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011/09/28 22:56:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011/09/28 22:25:01 | 000,056,320 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/27 12:10:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010/12/10 14:20:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin ========== Custom Scans ========== < c:|;true;true;true; /FP > < End of report >

SystemLook 30.07.11 by jpshortstuff Log created at 23:06 on 06/08/2012 by hp Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== dir ========== C:\2dabcaa47b27aeae096d8cbf431 - Unable to find folder. -= EOF =-

<p> </p> <div>SystemLook 30.07.11 by jpshortstuff</div> <div>Log created at 22:43 on 02/08/2012 by hp</div> <div>Administrator - Elevation successful</div> <div>WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.</div> <div> </div> <div>========== dir ==========</div> <div> </div> <div>C:\2dabcaa47b27aeae096d8cbf431 - Unable to find folder.</div> <div> </div> <div>-= EOF =-</div>

<p>Hi,</p> <p>I worked as per your direction. Following is the result:</p> <p> </p> <p> </p> <div>SystemLook 30.07.11 by jpshortstuff</div> <div>Log created at 22:43 on 02/08/2012 by hp</div> <div>Administrator - Elevation successful</div> <div>WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.</div> <div> </div> <div>========== dir ==========</div> <div> </div> <div>C:\2dabcaa47b27aeae096d8cbf431 - Unable to find folder.</div> <div> </div> <div>-= EOF =-</div>

Hi, I ran OTL - Cleanup. Rebooted my machine but I still see the folder in my C: Drive. I tried deleting the folder but not able to do it.

Hello, I think the issue related to the "bProtectorForWindows" and "searchplugins" folders is fixed too. The only question remaining is on my C: Drive i have a folder called " 2dabcaa47b27aeae096d8cbf4317" which i am not able to delete. Can you please assist me? Thanks.

Hello, I think I do not see the babylon thing anymore. Thanks for your help! I will let you know if it comes back again. I also have an another issue on my machine, When I open an image or PDF, 2 folders gets created - "bProtectorForWindows" and "searchplugins". Even I delete them those come back again. Can you please help me to resolve this issue? Thanks in advance for your help.

Hello Maniac, As per your direction, I deleted the required files and then ran OTL. Posted above is the log. Please advise. Thanks in advance!

All processes killed ========== OTL ========== Releasing module c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll File move failed. c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found. HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found. Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found. File C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found. File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension not found. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. File C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhlkpnogjnndgkkgllfddmpncihnkk\1.0_0 not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found. File C:\Program Files\Web Assistant\Extension64.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found. File C:\Program Files\Web Assistant\Extension32.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found. File C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ not found. File C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll not found. Registry value HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully. Folder C:\Users\hp\searchplugins\ not found. Folder C:\Users\hp\bProtectorForWindows\ not found. C:\ProgramData\Premium\Setup folder moved successfully. C:\ProgramData\Premium folder moved successfully. C:\ProgramData\CodecUpdate\searchplugins folder moved successfully. C:\ProgramData\CodecUpdate\bProtectorForWindows\2.2.453.59 folder moved successfully. C:\ProgramData\CodecUpdate\bProtectorForWindows folder moved successfully. C:\ProgramData\CodecUpdate folder moved successfully. Folder C:\Program Files (x86)\Incredibar.com\ not found. C:\Program Files\Web Assistant\searchplugins folder moved successfully. C:\Program Files\Web Assistant\bProtectorForWindows\2.2.453.59 folder moved successfully. C:\Program Files\Web Assistant\bProtectorForWindows folder moved successfully. C:\Program Files\Web Assistant folder moved successfully. Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv\ not found. C:\ProgramData\Codecv\data folder moved successfully. C:\ProgramData\Codecv folder moved successfully. C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\A1381A8079B1F1B5 folder moved successfully. C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully. C:\ProgramData\InstallMate folder moved successfully. C:\Windows\SysWow64\Extensions folder moved successfully. C:\Windows\SysWow64\searchplugins folder moved successfully. C:\Windows\SysWow64\bProtectorForWindows\2.2.453.59 folder moved successfully. C:\Windows\SysWow64\bProtectorForWindows folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.453.59\traking_settings folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\searchplugins folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\content folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\components folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension folder moved successfully. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. ========== FILES ========== File\Folder C:\Program Files (x86)\Viewpoint not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\hp\Desktop\cmd.bat deleted successfully. C:\Users\hp\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: hp ->Temp folder emptied: 2017697576 bytes ->Temporary Internet Files folder emptied: 932552325 bytes ->Java cache emptied: 195717 bytes ->Google Chrome cache emptied: 12363341 bytes ->Flash cache emptied: 742 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 380920618 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes RecycleBin emptied: 1964603233 bytes Total Files Cleaned = 5,062.00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07272012_072510 Files\Folders moved on Reboot... File move failed. c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll scheduled to be moved on reboot. C:\ProgramData\bProtectorForWindows\2.2.453.59\traking_settings folder moved successfully. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. PendingFileRenameOperations files... [2012/07/04 00:03:37 | 002,008,096 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll : Unable to obtain MD5 File C:\ProgramData\bProtectorForWindows\2.2.453.59 not found! File C:\ProgramData\bProtectorForWindows not found! Registry entries deleted on Reboot...

Extras.txt OTL Extras logfile created on: 7/18/2012 11:09:16 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hp\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.21% Memory free 8.04 Gb Paging File | 5.80 Gb Available in Paging File | 72.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.66 Gb Total Space | 56.95 Gb Free Space | 25.69% Space Free | Partition Type: NTFS Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = E3 FE 03 F9 6F 85 CC 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{473E65D6-5CBA-4408-A921-4CD7F203A3C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0921ECAD-29FF-4A2C-AC21-19920DBCA94F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0CE613AF-A7B1-411F-AF71-7196B009CC26}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{132A733C-7838-4E47-98F2-D067536C87B2}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | "{1A09A9CA-A2B4-4FC9-B571-ADFC473698C1}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{1B7EBDCB-A3D1-4B82-9A5C-D3803AEAA04F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{6180A0CD-4A82-4848-AD2C-3A0B44A0DBD0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | "{7350D483-6705-4E25-971C-B31AD9D32018}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{75D5D6E9-09A6-40E0-A0F3-56166365CC1A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{776173E1-53B5-4C56-A87C-65F8F926B6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8EC67706-7559-43EC-8EB3-6F26C4412D92}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{96676722-B681-4FBC-AC5F-5D3176CA6AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{99DB1C28-742B-4664-87BF-F9E14C1DFCCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A0D54485-EB40-4C7C-B813-25F4D788D1FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{AE52FAA6-E03F-49FB-AE36-9585CB55C11D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{B6DE3A6A-561C-4C0D-A54F-01EDFF9C5E70}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BB397D14-E001-484C-8342-A053508C39FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BBEC3E57-03AA-47F6-B3BB-088657E9ABF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BE7EADF6-BE92-47C4-8E25-0D94E300F922}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{BEC6E3A2-8EB0-41FE-87FC-FDF76CE5F877}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{BF371715-6869-46F0-A80F-B134F1DFA6A5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C9B83AE3-5A30-4BA8-AACF-25C0DD88292D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CDC01749-B9C2-4F33-A15C-D66F0A60919B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{DA439475-71DA-4D0C-AD39-A2CDB27A6D8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{DD6B4C00-1F59-49FE-848C-EF755B325610}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{F88267F7-BA33-4B5A-8F62-E38108251ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{F9B9427B-5DD7-4BB1-8E54-874D3712E431}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FE43069C-8EF7-4126-8555-6809A29431F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2 "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439 "{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English "{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software "Agere Systems Soft Modem" = Agere Systems HDA Modem "AutoCAD 2010 - English" = AutoCAD 2010 - English "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766 "HDMI" = Intel® Graphics Media Accelerator Driver "HP Photosmart Essential" = HP Photosmart Essential 2.5 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Veoh Manager "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3 "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1 "{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{DC812C48-0BC8-4718-B584-407EC4D87BAA}" = Building Design and Construction Systems "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ENTERPRISE" = Microsoft Office Enterprise 2007 "Giraffic" = Veoh Giraffic Video Accelerator "GMailFS" = GMail Drive Shell Extension "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04 "HP Smart Web Printing" = HP Smart Web Printing "incredibar" = Incredibar Toolbar on IE "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Picasa 3" = Picasa 3 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Veoh Web Player Beta" = Veoh Web Player "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6c "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR 4.01 (32-bit) "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/18/2012 10:23:58 PM | Computer Name = hp-PC | Source = Chrome | ID = 1 Description = Error - 7/18/2012 10:24:33 PM | Computer Name = hp-PC | Source = Chrome | ID = 1 Description = Error - 7/18/2012 10:28:54 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10 Description = Error - 7/18/2012 11:16:50 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10 Description = Error - 7/18/2012 11:35:30 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10 Description = Error - 7/18/2012 11:49:41 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10 Description = Error - 7/19/2012 12:54:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/19/2012 12:54:04 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/19/2012 12:54:04 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/19/2012 1:47:21 AM | Computer Name = hp-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 1/31/2012 2:57:24 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14898 seconds with 4200 seconds of active time. This session ended with a crash. Error - 2/6/2012 1:00:49 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 171 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 11/5/2011 11:42:37 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. Error - 11/6/2011 12:21:45 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:20:05 AM on 11/6/2011 was unexpected. Error - 11/6/2011 12:23:45 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/8/2011 11:28:38 PM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. Error - 11/9/2011 1:45:09 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7011 Description = Error - 11/9/2011 7:00:49 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. Error - 11/10/2011 7:00:41 AM | Computer Name = hp-PC | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.1.7 on the Network Card with network address 0021008BBB80. Error - 11/11/2011 7:00:48 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. Error - 11/12/2011 7:00:43 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. Error - 11/13/2011 7:00:49 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared from the system without first being prepared for removal. < End of report >

OTL.txt. OTL logfile created on: 7/18/2012 11:09:16 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hp\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.21% Memory free 8.04 Gb Paging File | 5.80 Gb Available in Paging File | 72.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.66 Gb Total Space | 56.95 Gb Free Space | 25.69% Space Free | Partition Type: NTFS Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/18 23:04:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe PRC - [2012/07/10 19:45:04 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2012/07/02 08:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe ========== Modules (No Company Name) ========== MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll MOD - [2012/07/04 00:03:37 | 002,008,096 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll MOD - [2012/06/29 20:42:26 | 004,051,456 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll MOD - [2012/06/29 20:42:26 | 000,100,864 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe MOD - [2008/04/23 23:51:56 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll MOD - [2008/04/23 23:51:40 | 000,120,200 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll MOD - [2008/04/23 23:51:40 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll MOD - [2008/04/23 23:51:30 | 000,259,472 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/05 20:39:50 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/03/26 02:46:54 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService) SRV:64bit: - [2008/04/28 14:24:26 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe -- (STacSV) SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService) SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vfsFPService.exe -- (vfsFPService) SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC) SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV) DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx) DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV:64bit: - [2008/04/28 14:24:54 | 000,454,656 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV) DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf) DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL) DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091} IE:64bit: - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE:64bit: - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111917&babsrc=SP_ss&mntrId=806a5f170000000000000021867741ae IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQDU9anyY&i=26 IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{E4F8A3B6-6028-44FB-8E36-2BE00213527B}: "URL" = http://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/07/18 21:40:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/01 04:39:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/07/04 00:03:43 | 000,000,000 | ---D | M] [2012/03/10 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions [2012/07/18 21:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: MyStart Search (Enabled) CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6PQDU9anyY&i=26 CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\hp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: General Crawler = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\ CHR - Extension: Codecv = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhlkpnogjnndgkkgllfddmpncihnkk\1.0_0\ CHR - Extension: Gmail = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe () O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [googletalk] C:\Users\hp\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C73E1A7-0495-4270-AB4C-6E7810F2C3CB}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCDA36D-D73A-49E8-A275-B62EA1A60C6F}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\hp\Pictures\2012- 06June-Las Vegas(17-20 June)\DSC07310.JPG O24 - Desktop BackupWallPaper: C:\Users\hp\Pictures\2012- 06June-Las Vegas(17-20 June)\DSC07310.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/05 20:10:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell - "" = AutoRun O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/18 23:04:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\searchplugins [2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\bProtectorForWindows [2012/07/18 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/18 22:05:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/18 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012/07/18 21:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate [2012/07/18 21:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com [2012/07/18 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/07/18 21:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012/07/18 21:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv [2012/07/18 21:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv [2012/07/18 21:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012/07/18 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/07/18 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/07/15 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes [2012/07/15 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/15 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/11 13:07:36 | 000,000,000 | ---D | C] -- C:\2dabcaa47b27aeae096d8cbf4317 [2012/07/11 12:24:12 | 000,000,000 | ---D | C] -- C:\793cad9694fbfdb327ae [2012/07/08 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2012/07/08 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012/07/08 20:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010 [2012/07/08 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Statements_Chase [2012/07/06 20:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/07/05 20:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Autodesk [2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Autodesk [2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012/07/05 20:10:37 | 000,000,000 | ---D | C] -- C:\Autodesk [2012/07/04 00:03:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/07/04 00:03:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/07/04 00:03:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows [2012/07/04 00:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows [2012/07/02 23:25:40 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\My PG&E [2012/07/02 20:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode [2012/07/02 20:27:11 | 000,000,000 | ---D | C] -- C:\Windows\XSxS [2012/06/22 14:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons [2012/06/22 14:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons [2012/06/20 08:32:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Tririga Training Docs [2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/18 23:04:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2012/07/18 22:50:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000UA.job [2012/07/18 22:49:04 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/07/18 22:46:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 22:46:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 22:46:14 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job [2012/07/18 22:46:13 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job [2012/07/18 22:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/18 22:45:40 | 4193,214,464 | -HS- | M] () -- C:\hiberfil.sys [2012/07/18 22:44:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/07/18 21:42:12 | 000,003,437 | ---- | M] () -- C:\user.js [2012/07/18 20:43:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/18 20:42:40 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/18 20:42:40 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/18 20:42:40 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/18 19:50:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000Core.job [2012/07/17 19:09:33 | 000,107,003 | ---- | M] () -- C:\Users\hp\Desktop\we.jpg [2012/07/17 06:36:03 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2012/07/15 11:32:16 | 000,386,699 | ---- | M] () -- C:\Users\hp\Desktop\feb.pdf [2012/07/15 11:31:53 | 000,276,736 | ---- | M] () -- C:\Users\hp\Desktop\july.pdf [2012/07/15 11:17:51 | 000,314,337 | ---- | M] () -- C:\Users\hp\Desktop\att.pdf [2012/07/15 11:10:12 | 000,049,664 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/11 15:57:29 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk [2012/07/11 12:41:41 | 003,078,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/08 20:34:46 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk [2012/07/04 12:17:20 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/04 12:00:58 | 000,427,400 | ---- | M] () -- C:\Users\hp\Documents\BART_Map.pdf [2012/07/04 11:58:48 | 000,197,326 | ---- | M] () -- C:\Users\hp\Documents\Golden Gate Park.pdf [2012/07/04 11:57:55 | 000,449,078 | ---- | M] () -- C:\Users\hp\Documents\SF Map.pdf [2012/07/04 11:57:03 | 001,916,312 | ---- | M] () -- C:\Users\hp\Documents\SF Muni Map.pdf [2012/07/04 00:04:34 | 000,002,068 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/03 00:11:13 | 000,000,367 | ---- | M] () -- C:\Users\hp\Desktop\Pictures - Shortcut.lnk [2012/06/30 09:52:37 | 000,096,959 | ---- | M] () -- C:\Users\hp\Documents\Sketch.pdf [2012/06/23 16:03:48 | 000,000,000 | -H-- | M] () -- C:\Users\hp\Documents\Default.rdp [2012/06/23 13:09:30 | 000,051,769 | ---- | M] () -- C:\Users\hp\Documents\ashish-kulkarni_ethiopia-restaurant.pdf [2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/18 21:43:09 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job [2012/07/18 21:43:07 | 000,000,360 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job [2012/07/18 20:42:51 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/07/18 20:42:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/17 19:09:45 | 000,107,003 | ---- | C] () -- C:\Users\hp\Desktop\we.jpg [2012/07/15 20:52:32 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/07/15 11:32:31 | 000,386,699 | ---- | C] () -- C:\Users\hp\Desktop\feb.pdf [2012/07/15 11:32:07 | 000,276,736 | ---- | C] () -- C:\Users\hp\Desktop\july.pdf [2012/07/15 11:17:50 | 000,314,337 | ---- | C] () -- C:\Users\hp\Desktop\att.pdf [2012/07/08 20:34:46 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk [2012/07/04 12:01:02 | 000,427,400 | ---- | C] () -- C:\Users\hp\Documents\BART_Map.pdf [2012/07/04 11:58:53 | 000,197,326 | ---- | C] () -- C:\Users\hp\Documents\Golden Gate Park.pdf [2012/07/04 11:58:00 | 000,449,078 | ---- | C] () -- C:\Users\hp\Documents\SF Map.pdf [2012/07/04 11:57:12 | 001,916,312 | ---- | C] () -- C:\Users\hp\Documents\SF Muni Map.pdf [2012/07/03 00:11:13 | 000,000,367 | ---- | C] () -- C:\Users\hp\Desktop\Pictures - Shortcut.lnk [2012/06/30 09:52:37 | 000,096,959 | ---- | C] () -- C:\Users\hp\Documents\Sketch.pdf [2012/06/23 16:03:48 | 000,000,000 | -H-- | C] () -- C:\Users\hp\Documents\Default.rdp [2012/06/23 13:09:30 | 000,051,769 | ---- | C] () -- C:\Users\hp\Documents\ashish-kulkarni_ethiopia-restaurant.pdf [2011/11/14 04:21:20 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2011/10/01 15:49:28 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Roaming\.googlewebacchosts [2011/09/28 22:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011/09/28 22:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011/09/28 22:56:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011/09/28 22:25:01 | 000,049,664 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/27 12:10:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010/12/10 14:20:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2012/07/18 22:46:14 | 000,000,360 | -H-- | M] () -- C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job [2012/07/18 22:46:13 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job [2012/07/18 22:44:44 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >