
Livesearchnow redirect virus



Here are the results

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 37

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 8.0 Firefox out of Date!

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


And.... it's back.

Not sure if it's related at all, but I was disconnected from the internet a few times very briefly just before the latest redirect. I was playing some Online games, and D/C'd three times in quick succession... it was when I went to google search D/C issues with the game that I started getting re-directed again.


Java™ 6 Update 37 <---please uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Adobe Flash Player 11.4.402.287 Flash Player out of Date! <---please check for an update

Adobe Reader 10.1.4 Adobe Reader out of Date! <----please check for an update

Mozilla Firefox 8.0 Firefox out of Date! <---please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After you update FF........please reset FF and IE back to defaults:

http://support.mozil...x-most-problems <---reset FF

http://www.mostiwant...7-8-9-settings/ <----IE reset

Let me know.......MrC


Ok.

I deleted the one Java, updated the other. Updated Adobe Flash and Reader. I updated IE and since I don't use FF I uninstalled it. After this was done, I tried a search and got redirected. Then I reset IE to defaults and have had 10 clean searches while using Chrome.

Please note, I'm going out of town for the next week. I will have the infected laptop with me, and will be able to continue with this thread, just might be a bit more sporadic. Thanks greatly again for all the help so far!


So, I'm starting to think the clean stretches I get are just flukes, or maybe the virus goes hiding lol.... I didn't use my laptop at all for anything after my last post until last night. When I logged in to google some stuff, the virus was back and as annoying as always....


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Here are the two logs

OTL Extras logfile created on: 12/13/2012 11:01:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free

11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS

Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS

Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32

Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)

"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09509B09-A20E-4EC5-844B-144F2D803AEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{09F9009A-EF41-4AAE-8D08-3C74AFCBB863}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{12C5B76E-F2C0-4EE3-BA45-2FE5483FBF59}" = lport=445 | protocol=6 | dir=in | app=system |

"{12F613B8-4936-4EF1-B330-839BF5BEBCD4}" = rport=445 | protocol=6 | dir=out | app=system |

"{15477B3B-0AED-4607-96DB-887FACFF9CBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{210775BE-9C7F-4059-84AE-7B68DE42C846}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{299FFFC1-9802-496B-AE46-EF36A4D52B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{38F224A2-9F2C-4CA8-8FB6-FB2079E467AD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{4241DA6E-3490-421A-88A0-FA5581CDFBFD}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4C26FE3D-1B03-48CF-A9F6-50B2F4BA4255}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{502C1B16-6E38-481B-884D-3B74AF3E5964}" = lport=138 | protocol=17 | dir=in | app=system |

"{52F89C4B-6D84-4367-888A-2E2F83198B1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{55347850-CA1F-4D4D-940C-DF4BEB4D7D23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5A894EF1-E0EC-4C16-A8A9-EA806CA3EBA0}" = rport=10243 | protocol=6 | dir=out | app=system |

"{62A665D1-6F39-4042-AE4A-3ABB5A646A92}" = lport=139 | protocol=6 | dir=in | app=system |

"{69402169-3B7E-431F-BA80-1E1664FFEB7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7039801C-1994-4C02-AF55-60E22CE16589}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{7718ACED-E7DC-4BD2-BDE4-AE093971F93E}" = rport=138 | protocol=17 | dir=out | app=system |

"{920E4089-E534-4465-BCF5-349A765B07A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A8DE6447-CB8A-4FAC-BF32-17D9EB922013}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AC163A75-A3EE-46DD-92D6-0C21B32743ED}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AEF952B8-DAA9-4017-9601-64FE0CB8CBF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BD8B4A61-235E-415E-906D-D604F2A51424}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D15E36CF-B6BE-4C60-827C-A87D7495B37E}" = rport=139 | protocol=6 | dir=out | app=system |

"{D1B71E89-41CE-418C-AF99-8306EE370A6D}" = lport=137 | protocol=17 | dir=in | app=system |

"{DBC8372D-B9B3-49DF-8354-DB1D87E084D5}" = rport=137 | protocol=17 | dir=out | app=system |

"{E1611F85-6590-43A5-BDF1-5940F95C2013}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E8E6A2C1-E861-4CC4-ADE0-7D73CA14A503}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{FA234F55-F31B-49C9-8862-8F579E63D150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{002695D9-6FC5-48C9-96FB-3E548DE7A49C}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{030A927A-5D26-41A0-9BE9-EE2DC03FAA74}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |

"{062304AC-6DCA-4C92-8FE0-4D7A16A7E34A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0D605970-33DC-482B-9573-83F6DE5C6999}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe |

"{131BADBE-1DCF-472C-8209-1B5FD386C1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{14117329-4B12-45E9-AF3D-4458DAA31B41}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{166E1771-E3C7-4AC0-92A8-B359E826B5C6}" = protocol=6 | dir=out | app=system |

"{167885C6-D071-49BD-ABE2-97C08BE93384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{1D7000F9-64CE-4D5D-BA69-6DB19541217F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{21276D78-6C24-4541-B786-A51A4925FBAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{2130AA7A-0EAA-4BD1-8933-AEC6190DE918}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{21E81B1D-E4DD-4A0B-8AAB-C677701EDCD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{25EB2757-5CA2-4BCA-A56E-D43583545D28}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |

"{2E55E7BC-A746-45D0-9FDE-EC36F6382A67}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{2FA9E544-6808-4DBF-8C99-B2AA9C3CDD79}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{30261BBE-D26C-4BBC-BD78-3F75177E980A}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"{39DC6E3A-4769-4F23-B15E-DED2BBF3851E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{3B303FBC-259F-4229-9429-86471C239886}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{4051D5B5-3202-4962-80DB-E5F33881F493}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |

"{41CE6C17-2AE6-46B4-A0D2-E457CB1F0B1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{443651D1-811F-40CC-AAEB-35BCF421ED6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{49C16CAD-D956-4EC5-99E7-ED8E34A2F0E2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{4B219EAD-0F0D-44B0-9195-7B3F97DEE832}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4C98B0E1-D197-41E1-BDE8-0504F836162B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{4D241D13-277E-4EF2-840B-98E846B919E9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{4FEA1CFC-1073-432A-AA15-7C39456883D7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe |

"{57500B0B-964D-434A-A6B0-09D35F5223C2}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5A9E5897-38AC-48C8-8F32-71FCD4D6A356}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{5F900569-5191-46FB-8E7E-25DD1362144A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5FF440B1-3403-472E-B654-71AFAFAA1FAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{6175DC72-63EA-47AF-A25F-FB76F5E72566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{63296FED-0112-4EFC-91FB-3757689CAB67}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{6A4E10DD-BAD6-44FB-83E8-48AA3A525D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |

"{6BEA9952-4249-46F0-92AB-8137AF2E3A07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{7258E239-4EBD-4908-B485-D66E0E917A47}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{763E99AB-9623-4A8F-B3C0-29F54F819B4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{795DF500-626F-412B-BF18-FD87D2FABF8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{7BC8F09B-4E0B-40CF-BA26-F30620972FB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{84592871-0879-4088-A612-BCC7EFF7DDB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{863C166C-36F9-4989-BFD8-79A1DBDB356D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"{8BF3CB91-8395-41EC-A3FB-EF7483B47B8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{90410852-CD5A-4E96-AD3B-5DE43E20FA0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{904173DF-C20C-4E68-BC03-140EE5F7EA2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{90EF3CE3-9EC4-42D4-8A5B-A0E7261E987E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{927940D9-354F-40E1-B3AE-86F494D6B1AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{96DFD82A-1D9B-40B9-8BF2-02A22CB6A5AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{97DB02A1-5BFC-4174-89C5-FF6B06C5A1F3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{9B984979-9147-48BB-AFEC-A1C4B520945B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9C7BDEA4-5BDA-4DB7-B052-0F812A28B66D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{A60AB9AD-4A3B-4837-87F7-65A7581B936E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{A745F342-7F70-40C9-9DA8-B178D8AEFD05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{A7CD4556-61FB-43E6-900D-3BB86E3FCBCB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{AE685A90-99FB-4B71-A580-7BB107CD0571}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{B1FCBE00-E002-4E73-B09E-D71E9483040E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{B472E4D4-C4FD-492C-9B1F-8121957E6153}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B6C1629A-B2FE-472A-9ED6-F244178DD393}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe |

"{BA4C0BE9-00F5-4300-8DB2-CCAE3A463BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |

"{BB1402C3-2EEB-47AC-B60C-58FF3A54CC24}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{BF756A8B-23FD-4FE3-AA1E-6605968759A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C2FB49FC-DD4D-4719-BD75-3C823A0B3111}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{C3E93914-DDDE-4987-A26A-2BABB32C7B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C76562F9-D1A3-4D59-B45D-D2A00F00B32D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{C919CE87-919E-4B54-B5DD-1D3271C5F5DD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{CFEADF16-FDB0-4414-A658-687E20E1A9C3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{D6381608-31BC-447A-BCEB-FA0D92C05DEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |

"{D8C59831-6F26-4444-8B4E-CD80DA599838}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{DF16622B-3F5C-4A4D-AD8F-B8B9A5E2E94C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{E1AEBC62-C1D7-4476-AA6F-E33A749D117D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{E8585484-A4C2-42AF-9761-7FFAF93AE68A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{EC687BBD-2898-44AA-B7EF-2399DCE64114}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{ED01CDF8-E4D3-49BC-9BAC-7B839225E6E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EEF02052-1B91-4E2B-9D06-B02DDE0DEA71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{F0799CF4-7DF8-46EC-8986-6CA446E70453}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{F2ACE324-C6AE-4954-A8B0-F266DD77ACF2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{F89F45EE-9647-4A24-A378-12A1F085B149}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{F9A454F3-3781-44B3-924F-51E01B112C82}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe |

"{FAF666CF-D14D-4FB5-A3A9-71F22EB0E51B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{FB5AA6FF-CB84-4453-AAD3-558DC0C31FB0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{FCA10BE2-5B2C-4E98-B0B9-5FA472430BDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FDDC6810-A3FE-4BDF-884A-16A94D4B12EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{3B829585-5C2B-43B4-AC8C-48677A100153}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |

"UDP Query User{2BBDB323-C743-4D61-9044-A77246432D26}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)

"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard

"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK

"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu

"{7495DE6E-A83A-17DE-994A-C42D1D78B307}" = AMD Fuel

"{7B02BD23-7843-4481-5778-B20110993E0D}" = WMV9/VC-1 Video Playback

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B1F3524F-1F3B-4B79-0346-38669CD828C8}" = ccc-utility64

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64

"{FDAA17FB-9CDD-AA3B-ED37-FA6F0C052123}" = ATI Catalyst Install Manager

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"HoldemManager" = Holdem Manager

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3

"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A00CD93-492D-0B32-C144-A8B9792CCE3E}" = Catalyst Control Center Localization All

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{52F8811F-2BA4-F47F-600C-8C93C94E93DD}" = Catalyst Control Center InstallProxy

"{5BC352F2-A0F5-5162-B519-ADCD72761DCE}" = ccc-core-static

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{818E0212-DA58-E255-00D2-4C22D50A12F2}" = CCC Help English

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95587AD6-8953-3288-49A1-4BBD8655E94D}" = Catalyst Control Center Graphics Previews Common

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C1D11949-25D7-4C0F-AA72-7759FD8A089B}" = Sierra Wireless Watcher

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup

"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA

"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro

"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup

"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro

"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO

"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents

"{F8423392-2296-4748-9B66-344432459632}" = PureHD

"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share

"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO

"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro

"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Diablo III" = Diablo III

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ExpressVPN" = ExpressVPN v3.091

"Google Chrome" = Google Chrome

"HoldemManager2" = Holdem Manager 2

"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"MSC" = McAfee Total Protection

"My HP Game Console" = HP Game Console

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PokerStars" = PokerStars

"Portforward Static IP Address" = Portforward Static IP Address 1.0.45

"StarCraft II" = StarCraft II

"Veetle TV" = Veetle TV

"WildTangent hp Master Uninstall" = HP Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"WT087328" = Blackhawk Striker 2

"WT087342" = Dora's Carnival Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087374" = Jewel Quest - Heritage

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087420" = Agatha Christie - Death on the Nile

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087513" = Virtual Villagers - The Secret City

"WT087533" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/12/2012 2:35:24 AM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10062

Error - 12/12/2012 6:00:34 AM | Computer Name = Symesko-LT | Source = Application Error | ID = 1000

Description = Faulting application name: atieclxx.exe, version: 6.14.11.1069, time

stamp: 0x4c96bf4d Faulting module name: atiadlxx.dll, version: 6.14.10.1054, time

stamp: 0x4c96b718 Exception code: 0xc0000005 Fault offset: 0x000000000001f468 Faulting

process id: 0x504 Faulting application start time: 0x01cdd824cf472b24 Faulting application

path: C:\Windows\system32\atieclxx.exe Faulting module path: C:\Windows\system32\atiadlxx.dll

Report

Id: c50d801f-4442-11e2-93a7-f8b8d9e4c4f2

Error - 12/12/2012 6:27:13 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194

Description =

Error - 12/12/2012 6:34:52 AM | Computer Name = Symesko-LT | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed: There are currently no active network connections. Background

Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 12/12/2012 6:58:34 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 12/12/2012 7:05:27 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 53767148

Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 53767148

Error - 12/14/2012 12:37:49 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194

Description =

[ Hewlett-Packard Events ]

Error - 4/4/2012 9:12:52 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 5/22/2012 11:01:16 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 7:24:11 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 7/14/2012 2:28:40 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 8/14/2012 7:40:39 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 10/2/2012 11:38:55 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 10/26/2012 2:03:48 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

Error - 11/14/2012 7:47:12 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000

Description =

[ HP Wireless Assistant Events ]

Error - 8/23/2011 7:49:49 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/1/2011 8:54:34 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 1/5/2012 1:46:13 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/18/2012 2:44:08 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/18/2012 2:44:15 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3/20/2012 11:45:45 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/7/2012 12:55:19 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 6/7/2012 12:55:56 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 6/13/2012 3:10:34 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 6/13/2012 3:10:46 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

[ System Events ]

Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe

Listener Adapter service to connect.

Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7000

Description = The Net.Pipe Listener Adapter service failed to start due to the following

error: %%1053

Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001

Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing

Service service which failed to start because of the following error: %%1053

Error - 12/12/2012 6:24:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001

Description = The SBSD Security Center Service service depends on the Security Center

service which failed to start because of the following error: %%1058

Error - 12/12/2012 6:25:49 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016

Description =

Error - 12/12/2012 10:25:34 PM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the HP Wireless Assistant Service service.

Error - 12/14/2012 12:34:24 AM | Computer Name = Symesko-LT | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:34:53 PM on ?12/?12/?2012 was unexpected.

Error - 12/14/2012 12:34:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001

Description = The SBSD Security Center Service service depends on the Security Center

service which failed to start because of the following error: %%1058

Error - 12/14/2012 12:35:44 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016

Description =

Error - 12/14/2012 12:39:34 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10010

Description =

< End of report >


OTL logfile created on: 12/13/2012 11:01:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free

11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS

Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS

Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32

Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe

PRC - [2012/12/08 23:16:05 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe

PRC - [2012/11/27 20:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/10/31 11:30:36 | 000,659,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/06/24 22:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

PRC - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

PRC - [2009/12/10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

PRC - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

PRC - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe

PRC - [2009/04/20 09:48:42 | 000,053,248 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe

PRC - [2009/03/09 14:07:04 | 000,554,264 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe

PRC - [2008/10/20 14:32:48 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe

PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/27 20:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll

MOD - [2012/11/27 20:43:16 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

MOD - [2012/11/27 20:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

MOD - [2012/11/27 20:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll

MOD - [2012/11/27 20:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll

MOD - [2012/11/27 20:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll

MOD - [2012/11/27 20:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll

MOD - [2012/11/27 20:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/22 13:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/11/22 13:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/11/22 13:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

MOD - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe

MOD - [2009/03/09 13:59:24 | 000,218,392 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2011/04/20 18:02:16 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011/02/01 22:24:33 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/02/01 22:24:32 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/01/04 22:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/15 10:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2010/02/23 07:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/11 21:52:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/06/29 20:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)

SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2011/04/26 02:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/01 22:24:33 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/01/21 18:48:46 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2011/01/21 18:48:46 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/27 01:32:55 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/08/24 09:45:08 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp)

DRV:64bit: - [2010/06/24 22:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/05/06 06:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/27 15:56:56 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)

DRV:64bit: - [2009/02/27 15:51:40 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00)

DRV:64bit: - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{362241FC-7EFA-4221-8898-51DBB3C51684}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{85F267E2-6A69-4D86-92A6-D573E712C412}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{9EA4E6D6-2A3C-46A2-9F51-502F02495DE4}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

IE - HKLM\..\SearchScopes\{B503DCCC-5DA5-44DC-A6F6-ED6879F4AEF0}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON/4

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/29 19:07:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/11/09 16:17:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/14 21:21:49 | 000,000,000 | ---D | M]

[2012/12/10 08:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/28 08:29:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2012/03/17 15:57:05 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - homepage: about:blank

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\McChPlg.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: Google Drive = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: SiteAdvisor = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\

CHR - Extension: Gmail = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/04 19:09:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)

O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe (Sierra Wireless Inc.)

O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)

O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.18.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B19133-7C9A-45EE-95D1-EB804ED02A2D}: DhcpNameServer = 192.168.18.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD07131E-5218-4DA1-9F97-E33433D24BA1}: DhcpNameServer = 184.151.118.254 70.28.245.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2C6E474-AE3E-4CAC-858F-43F0D53B4844}: DhcpNameServer = 8.8.8.8 8.8.4.4

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 23:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/12/13 22:58:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe

[2012/12/10 08:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/12/09 20:46:34 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/12/08 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/12/08 23:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/12/05 23:28:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/05 23:20:36 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/05 23:20:16 | 000,914,301 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe

[2012/12/05 23:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/04 19:12:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/04 18:50:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/04 18:50:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/04 18:50:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/04 18:42:30 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/04 18:41:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/04 18:15:03 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe

[2012/12/03 21:04:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe

[2012/12/03 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Symesko\Desktop\RK_Quarantine

[2012/12/03 18:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/12/03 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/11/21 19:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2012/11/21 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

[2012/11/14 19:05:28 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys

[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe

[2012/12/13 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/13 22:26:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/13 21:34:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012/12/13 21:34:31 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Nwqp.job

[2012/12/13 21:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/13 21:34:21 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/12 19:26:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/12 03:24:14 | 000,312,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/10 08:44:07 | 000,001,437 | ---- | M] () -- C:\Users\Symesko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/10 08:36:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/12/10 08:36:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/12/10 08:21:36 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/09 20:57:04 | 000,859,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/09 20:12:21 | 000,856,731 | ---- | M] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe

[2012/12/08 23:16:39 | 000,002,289 | ---- | M] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk

[2012/12/05 23:20:20 | 000,914,301 | ---- | M] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe

[2012/12/05 23:20:20 | 000,723,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/05 23:20:20 | 000,145,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/05 06:59:52 | 000,540,743 | ---- | M] () -- C:\Users\Symesko\Desktop\adwcleaner.exe

[2012/12/04 19:09:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/12/04 18:15:15 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe

[2012/12/03 21:06:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe

[2012/12/03 20:06:15 | 000,752,128 | ---- | M] () -- C:\Users\Symesko\Desktop\RogueKiller.exe

[2012/12/03 18:10:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/11/28 03:20:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSymesko.job

[2012/11/21 19:54:04 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/10 08:36:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/12/10 08:36:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/12/10 08:21:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/10 08:21:36 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/09 20:12:19 | 000,856,731 | ---- | C] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe

[2012/12/08 23:16:39 | 000,002,289 | ---- | C] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk

[2012/12/08 23:16:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/08 23:16:12 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/05 06:59:43 | 000,540,743 | ---- | C] () -- C:\Users\Symesko\Desktop\adwcleaner.exe

[2012/12/04 18:50:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/04 18:50:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/04 18:50:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/04 18:50:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/04 18:50:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/03 20:06:08 | 000,752,128 | ---- | C] () -- C:\Users\Symesko\Desktop\RogueKiller.exe

[2012/12/03 18:10:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/11/21 19:54:04 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012/11/16 03:12:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/16 03:03:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/08/07 20:32:58 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\kbd101V.dll

[2011/06/12 17:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI

[2011/04/12 11:58:44 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf

[2011/02/21 23:28:34 | 000,000,600 | ---- | C] () -- C:\Users\Symesko\AppData\Local\PUTTY.RND

[2011/01/19 17:55:46 | 000,844,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/30 00:39:08 | 000,001,854 | ---- | C] () -- C:\Users\Symesko\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/09 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\DigitalPersona

[2012/06/22 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\ExpressVPN

[2011/02/21 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\FreeCap

[2012/11/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HEM Data

[2012/12/09 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HoldemManager

[2011/02/16 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\PFStaticIP

[2010/12/09 21:42:36 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Razer

[2010/12/13 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Sierra Wireless

[2012/12/05 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\SoftGrid Client

[2011/01/19 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\TP

[2011/02/09 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Windows Live Writer

[2012/04/27 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Xerox

========== Purity Check ==========

< End of report >


Not much showing......

Please do this:

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

- Then click the Run Fix button at the top

- Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

- Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~~

Please run this online scanner:

http://www.microsoft...us/default.aspx <---------Microsoft Safety Scanner

MrC


Here is the log file

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: postgres

User: Public

User: Symesko

->Java cache emptied: 3248641 bytes

Total Java Files Cleaned = 3.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Symesko

->Temp folder emptied: 16733501 bytes

->Temporary Internet Files folder emptied: 14290906 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 46498203 bytes

->Flash cache emptied: 826 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 69032 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13388735 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73916 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 87.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: postgres

User: Public

User: Symesko

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12142012_195553

Files\Folders moved on Reboot...

C:\Users\Symesko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The Internet connection in this hotel isn't the best, so I may have to wait to run that tool. I'll post once it's run.


Here is the log from Silent Runners

"Silent Runners.vbs", revision 64, http://www.silentrunners.org/

Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [Hewlett-Packard Company]

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

ISUSPM = "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [Acresso Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

SmartMenu = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [null data]

HPWirelessAssistant = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [null data]

SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe

CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}

mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.]

Lachesis = C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [empty string]

TRUUpdater = "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground [sierra Wireless, Inc.]

WatcherHelper = "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [sierra Wireless Inc.]

StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]

HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [Hewlett-Packard Development Company, L.P.]

APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]

CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.]

QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]

SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.]

Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM…Wow…CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM…Wow…CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

MOBK2\(Default) = {e6ea1d7d-144e-b977-98c4-84c53c1a69d0}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

MOBK3\(Default) = {b4caf489-1eec-c617-49ad-8d7088598c06}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} = NSE_WithSubFld

-> {HKLM…CLSID} = NSE_WithSubFld

\InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll [null data]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension

-> {HKLM…CLSID} = SimpleShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [synaptics Incorporated]

{3c3f3c1a-9153-7c05-f938-622e7003894d} = McAfee Online Backup Shell Extensions

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} = McAfee Online Backup Shell Extensions Icon Overlay 2

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

{b4caf489-1eec-c617-49ad-8d7088598c06} = McAfee Online Backup Shell Extensions Icon Overlay 3

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

{781bca65-20ed-8f6a-368f-b523ec4f51b2} = McAfee Online Backup Shell Extensions NSE

-> {HKLM…CLSID} = McAfee Online Backup

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search

-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension

-> {HKLM…CLSID} = DisplayCplExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} = Microsoft Image Composite Editor

-> {HKCU…CLSID} = CShellStitcher Object

\InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM…CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM…CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{DBD8E168-244D-448C-9922-25508950D1DC} = Ulead UDF Driver

-> {HKLM…Wow…CLSID} = USIShellExt Class

\InProcServer32\(Default) = c:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [ulead Systems, Inc.]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM…Wow…CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> (DPPassFilter [DigitalPersona, Inc.]) Notification Packages = DPPassFilter|scecli

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{FD2AB138-F9A8-4ab6-9095-EEE7AF8B6C28}\(Default) = DigitalPersona Credential Provider Filter

-> {HKLM…CLSID} = ProvFilter Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{2A16DF2F-490B-4F2B-8C68-21EF46FCCC37}\(Default) = DigitalPersona Password Credential Provider

-> {HKLM…CLSID} = PswWrapProv Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

{3ADC7042-51AF-4D0F-BD1D-4D6965A77323}\(Default) = DigitalPersona Fingerprint Credential Provider

-> {HKLM…CLSID} = FingerProv Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

{4C0F0D42-DA2D-45da-85BC-B7A1AB53BF65}\(Default) = DigitalPersona CryptoToken Credential Provider

-> {HKLM…CLSID} = TokenProv Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

{57E84B57-5533-4624-AB49-E29C8C5489D6}\(Default) = DigitalPersona External Credential Provider

-> {HKLM…CLSID} = ExternalProv Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

{70099717-17C8-4BD0-B3D4-FAF721AB1A62}\(Default) = DigitalPersona Smartcard Credential Provider

-> {HKLM…CLSID} = SCardWrapProv Class

\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider

-> {HKLM…CLSID} = WLIDCredentialProvider

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692}

-> {HKLM…CLSID} = McInternetProtocolRoot Class

\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL [McAfee, Inc.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}

-> {HKLM…CLSID} = McAfee SACore Protocol Handler

\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]

<<!>> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}

-> {HKLM…CLSID} = McAfee SACore Protocol Handler

\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\(Default) = (no title provided)

-> {HKCU…CLSID} = CShellStitcher Object

\InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM…CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7}

-> {HKLM…CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data]

McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}

-> {HKLM…CLSID} = McCtxFrmWrk Class

\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM…CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7}

-> {HKLM…CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data]

MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}

-> {HKLM…CLSID} = SimpleShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM…CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM…CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}

-> {HKLM…CLSID} = McCtxFrmWrk Class

\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]

MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}

-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions

\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoChangingWallpaper = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CDSUnknownContentOnArrival\

Provider = Corel VideoStudio Pro

InvokeProgID = CorelDigitalStudio.AutoPlay

InvokeVerb = CDSUnknownContentOnArrival

HKLM\SOFTWARE\Classes\CorelDigitalStudio.AutoPlay\shell\CDSUnknownContentOnArrival\Command\(Default) = c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\vstudio.exe /T:UVSClassic /parameters:Step=0,Handler=UnknownContentOnArrival,DeviceHint=%1 [Corel TW Corp.]

CDSVideoCameraArrival\

Provider = Corel VideoStudio Pro

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = "c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\\vstudio.exe" /T:UVSClassic /parameters:Step=0,Handler=VideoCameraArrival,DeviceHint=%1

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM…CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

Corel PaintShop Photo Pro X3ShowPicturesOnArrivalHandler\

Provider = Corel PaintShop Photo Pro X3

InvokeProgID = PaintShopPhotoProX3.Image

InvokeVerb = Review

HKLM\SOFTWARE\Classes\PaintShopPhotoProX3.Image\shell\Review\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" /Review "%1" [Corel, Inc.]

HPMSDVDPlayBluRayArrival\

Provider = HP MediaSmart DVD

InvokeProgID = BD

InvokeVerb = PlayWithHPMediaSmartDVD

HKLM\SOFTWARE\Classes\BD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]

HPMSDVDPlayDVDMovieOnArrival\

Provider = HP MediaSmart DVD

InvokeProgID = DVD

InvokeVerb = PlayWithHPMediaSmartDVD

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]

HPMSDVDPlayVCDMovieOnArrival\

Provider = HP MediaSmart DVD

InvokeProgID = VCD

InvokeVerb = PlayWithHPMediaSmartDVD

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MediaSmartDVFilesArrival\

Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video dv

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM…CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

MediaSmartPhotoPictureFilesArrival\

Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101

InvokeProgID = Picture

InvokeVerb = PlayWithMediaSmartPhoto

HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaSmartPhoto\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe" photo import "%L" [CyberLink Corp.]

MediaSmartVideoFilesArrival\

Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101

InvokeProgID = VideoFiles

InvokeVerb = PlayWithMediaSmartVideo

HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaSmartVideo\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video import "%L" [CyberLink Corp.]

MSLivePhotoAcquireDropHandler\

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.AudioCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.DVD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMEncVCArrival\

Provider = Windows Media Encoder 9 Series

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM…CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

MSWMPBurnCDOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.BurnCD

InvokeVerb = Burn

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

P2GCDBurningOnArrival\

Provider = Power2Go

InvokeProgID = BlankCD

InvokeVerb = OpenWithPower2Go

HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

P2GDVDBurningOnArrival\

Provider = Power2Go

InvokeProgID = BlankDVD

InvokeVerb = OpenWithPower2Go

HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

PDirDVArrival\

Provider = PowerDirector

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM…CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

Power2GoPlayCDAudioOnArrival\

Provider = Power2Go

InvokeProgID = AudioCD

InvokeVerb = PlayWithPower2Go

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]

PStarterBlankCDArrival\

Provider = DVD Suite

InvokeProgID = BlankCD

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterDVDBurningOnArrival\

Provider = DVD Suite

InvokeProgID = BlankDVD

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMixedCDArrival\

Provider = DVD Suite

InvokeProgID = MixedContent

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMusicFilesArrival\

Provider = DVD Suite

InvokeProgID = MusicFiles

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterPicturesArrival\

Provider = DVD Suite

InvokeProgID = Picture

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterVideoFilesArrival\

Provider = DVD Suite

InvokeProgID = VideoFiles

InvokeVerb = OpenWithPowerStarter

HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]

WIA_{6D96E87A-CE06-4458-9F7E-4BF6045132A4}\

Provider = Corel PaintShop Photo Pro X3

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{BEE6156E-FF18-4592-BA31-53457140584C}\

Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe.exe photo import wpd %1 %2;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{C499E75D-9B79-43AB-A21D-0FC1B4BC46AC}\

Provider = MP Navigator EX Ver4.0

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F5C7F58A-12E5-4357-8B2F-5F8057D8EF70}\

Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe.exe video import wpd %1 %2;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F7BDBE51-11D0-4A03-A256-9EB6D68762EB}\

Provider = Corel PaintShop Photo Pro X3

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch /StiDevice:%1 /StiEvent:%2;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Symesko" & "All Users" startup folders:

---------------------------------------------------------

C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

<<!>> CurseClientStartup.ccip [null data]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus -> shortcut to: C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [McAfee, Inc.]

Windows Sidebar Gadgets:

------------------------

C:\Users\Symesko\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget"

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CAVG.Gadget%5C"

Non-disabled Scheduled Tasks:

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

HPCeeScheduleForSymesko -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForSymesko (null) [null data]

MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [CyberLink]

Nwqp -> launches: C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\kbd101V.dll",zoqpo [MS]

RecoveryCDWin7 -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" RecoveryCDWin7 ShowMessageTask [null data]

ServicePlan -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" ServicePlan ShowMessageTask15D [null data]

{7B5720EF-B4A5-4230-9FA7-306AE8034B20} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Symesko\Downloads\PokerStarsInstall(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" [MS]

C:\Windows\System32\Tasks\Apple

AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant

HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [null data]

PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data]

Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 [null data]

Warranty Opt-In(No) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=2 [null data]

Warranty Opt-In(Yes) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=1 [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

-> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM…CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM…CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

-> {HKLM…Wow…CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]

ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]

DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]

ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM…CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM…CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM…CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM…CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM…CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM…CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

-> {HKLM…Wow…CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM…CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]

ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor

-> {HKLM…CLSID} = McAfee SiteAdvisor Toolbar

\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor

-> {HKLM…Wow…CLSID} = McAfee SiteAdvisor Toolbar

\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX

-> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX

\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004

MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{25510184-5A38-4A99-B273-DCA8EEF6CD08}\

ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103

MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102

Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data]

{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\

ButtonText = PokerStars

Exec = C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [PokerStars]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]

AMD FUEL Service, AMD FUEL Service, C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [Advanced Micro Devices, Inc.]

AMD Reservation Manager, AMD Reservation Manager, "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [Advanced Micro Devices]

Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation]

Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

Application Host Helper Service, AppHostSvc, C:\Windows\system32\svchost.exe -k apphost {C:\Windows\system32\inetsrv\apphostsvc.dll [MS]}

Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]

Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]

Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [iDT, Inc.]

Authentication Service, DpHost, C:\Program Files\DigitalPersona\Bin\DpHostW.exe [DigitalPersona, Inc.]

AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]

AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [AVG Technologies CZ, s.r.o.]

Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data]

Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]

HP Service, hpsrv, C:\Windows\system32\Hpservice.exe [Hewlett-Packard Company]

HP Software Framework Service, hpqwmiex, "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [Hewlett-Packard Company]

HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data]

HP Wireless Assistant Service, HP Wireless Assistant Service, "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [null data]

HPWMISVC, HPWMISVC, C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [Hewlett-Packard Development Company, L.P.]

iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]

LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company]

McAfee Anti-Spam Service, MSK80Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee Firewall Core Service, mfefire, "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [McAfee, Inc.]

McAfee McShield, McShield, "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [McAfee, Inc.]

McAfee Network Agent, McNASvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee Online Backup, MOBKbackup, "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [McAfee, Inc.]

McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee Services, mcmscsvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

McAfee Validation Trust Protection Service, mfevtp, "C:\Windows\system32\mfevtps.exe" [McAfee, Inc.]

McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]

Net.Pipe Listener Adapter, NetPipeActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]

Net.Tcp Listener Adapter, NetTcpActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]

Net.Tcp Port Sharing Service, NetTcpPortSharing, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]

Validity VCS Fingerprint Service, vcsFPService, C:\Windows\system32\vcsFPService.exe [Validity Sensors, Inc.]

Windows Process Activation Service, WAS, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}

World Wide Web Publishing Service, W3SVC, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> mcmscsvc, (title not found)

<<!>> MCODS, (title not found)

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> DpHost, Service

<<!>> McMPFSvc, Service

<<!>> mcmscsvc, (title not found)

<<!>> MCODS, (title not found)

<<!>> mfefire, Driver

<<!>> mfefirek, Driver

<<!>> mfefirek.sys, Driver

<<!>> mfehidk, Driver

<<!>> mfehidk.sys, Driver

<<!>> mfevtp, Driver

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MP495 series\Driver = CNMLMA9.DLL [CANON INC.]

Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]

PCL hpf3lw73\Driver = hpf3lw73.dll [Hewlett-Packard Company]

---------- (launch time: 2012-12-19 10:55:50)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 109 seconds, including 16 seconds for message boxes)


Not seeing anything.

Can you think of when the redirects started? Did you install any programs or add-ons around the same time?

For now, go to the Chrome Web Store. In the box on the upper left-hand side...

Type in redirects and hit enter on your keyboard.

It will show several extensions for dealing with redirects

Try some of them and see if one will stop the redirects:

https://chrome.googl...irects?hl=en-US

In the meantime I'll do some more research on what we can do next.....MrC


I restored the file, but when I went to the website it wouldn't let me "open" that file. A window popped up saying I didn't have permission and had to contact the owner or admin. I'm the only user on this computer and I have Admin rights. I tried to open a half dozen other files in the folder, and had zero issues.

While I had the file restored, I tried some searches but didn't get redirected.

One thing I have done is changed an addon I use with World of Warcraft, and I've done that within the past few days. I removed the old one from my computer, and I know that addons for that game are notorious for having viruses in them. I would almost think that when I re-installed WoW was about the time the re-directs started, but I can't be 100% on that.

My AV keeps picking up that file, so I have removed it again.

I haven't used any of the extensions.
