many problems


  • This topic is locked
5 replies to this topic

#1 x_breath_x

    Member

  • 79 posts
Posted 29 December 2013 - 08:02 PM

Well, the first problem I'm having is that my computer says rundll32 is not working when I boot up my computer. The second problem I'm having is that my battery does not work on my laptop: when I unplug my power cord it immediately goes black and shuts down. And last, when I try to do a log file it says: "For some reason your system denied write access to the host file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens you need to edit the file yourself. To do this, click Start, Run and type: notepad c:\windows\system32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' with quotes and reboot. For Vista (which I have) simply exit HijackThis, right click on the HijackThis icon, choose 'run as administrator'." But I don't see a run as administrator option, and it does not allow me to get the log file either.



#2 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 30 December 2013 - 05:21 PM

Can you do the following: Forget about HijackThis, we'll use other tools for now.
 
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Select "Scan All Users"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 x_breath_x

    Member

  • 79 posts

Posted 04 January 2014 - 04:08 PM

I apologize for taking so long. Christmas and everything being hectic. Here are the logs.

 

 

OTL.txt---

OTL logfile created on: 1/4/2014 3:47:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\norad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free
8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
PRC - [2013/12/16 03:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 03:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/11/08 18:51:17 | 001,707,472 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 20:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 20:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [1622/05/04 11:26:22 | 000,999,200 | ---- | M] (Conduit Ltd.) -- C:\Users\norad\AppData\Local\NativeMessaging\CT3306061\1_0_0_6\TBMessagingHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/26 14:47:18 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/18 17:04:46 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/18 17:03:44 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/18 17:03:02 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/18 17:02:31 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/08/15 02:45:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/15 02:44:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 02:44:52 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 02:44:52 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/15 02:44:52 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 02:38:19 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/15 02:37:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 02:37:43 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/15 02:36:46 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/10 02:53:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 02:52:54 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/25 20:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/06/29 17:10:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2008/09/11 05:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 09:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/12/28 12:22:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files (x86)\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/04 13:46:36 | 000,058,256 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hlnfd.sys -- (hlnfd)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/03/31 10:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/09/11 05:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/05 21:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/22 09:42:34 | 000,170,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/21 04:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/23 05:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 05:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 05:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/04/28 19:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 05:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5D9FA932-8D8C-40EC-9192-A538B6854A52}
IE:64bit: - HKLM\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {3E37E123-445C-4848-8E34-279F96B6BD39}
IE - HKLM\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
IE - HKLM\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&q={searchTerms}&S41CIE
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{3E37E123-445C-4848-8E34-279F96B6BD39}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN60480715371022752&UM=2&SSPV=S41CIE
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{F8067152-A584-4D16-8CF3-7CA33368DB75}: "URL" = http://www.search.as...2-29&trgb=IE&q={searchTerms}&psv=
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3309759.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Swirlz Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...archSource=3&q={searchTerms}&sspv=S41A"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.119
FF - prefs.js..extensions.enabledAddons: %7B4cb3c467-0d72-44e6-9237-750b9b8b5ac9%7D:10.23.0.726
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.93.148
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\norad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\norad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/12/28 12:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{57c20073-e24b-4b2a-aa91-70d1ad526cbf}: C:\Program Files (x86)\PassShow\150.xpi [2013/12/29 15:32:22 | 000,011,866 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\norad\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ [2013/12/29 15:32:54 | 000,000,000 | ---D | M]
 
[2009/06/07 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Extensions
[2013/12/29 14:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions
[2010/05/25 18:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/28 12:25:02 | 000,000,000 | ---D | M] (Swirlz) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{4cb3c467-0d72-44e6-9237-750b9b8b5ac9}
[2013/08/23 16:34:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/28 11:41:17 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com
[2013/12/28 12:12:33 | 000,000,000 | ---D | M] ("Plus-HD-1.2") -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData\plugins
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData\userCode
[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData
[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData\plugins
[2013/12/28 11:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData\userCode
[2013/07/24 17:40:12 | 000,002,546 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\ask-search.xml
[2013/12/28 11:59:04 | 000,000,975 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\conduit-search.xml
[2013/12/28 12:25:05 | 000,001,017 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\conduit.xml
[2013/12/28 12:01:03 | 000,001,368 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\iminent.xml
[2013/12/28 21:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/28 12:58:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/28 12:04:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...FC-F54D4DAAD445
CHR - default_search_provider: suggest_url = http://suggest.searc...on.ashx?prefix={searchTerms},
CHR - Extension: Highlightly = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.0_1\
CHR - Extension: PassShow = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0\
CHR - Extension: Connect DLC 5 = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.23.0.728_0\
CHR - Extension: Connect DLC 5 = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.23.0.728_0\nativeMessaging\nmHost
CHR - Extension: Swirlz = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.24.3.503_0\
CHR - Extension: Swirlz = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.24.3.503_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll File not found
O2:64bit: - BHO: (weDownload Manager) - {11111111-1111-1111-1111-110311431144} - C:\Program Files (x86)\weDownload Manager\weDownload Manager-bho64.dll File not found
O2:64bit: - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PassShow) - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
O2 - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\norad\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O3 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" File not found
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\norad\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8fab85a0119147d38b19d16d38c0aeb6-f4a11d3e10dbebc28f3e5788a17788f15546486a /CMPID=1213b File not found
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [NextLive] C:\Users\norad\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://unkmail2.unk.edu/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848D19DE-381B-4946-AF29-2D20A8A1E0E7}: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: DhcpNameServer = 74.40.74.40 74.40.74.41 192.168.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\norad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\norad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e6a7335-2dc0-11de-be65-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6a7335-2dc0-11de-be65-00247e244745}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{30da73e7-f32e-11df-b660-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{30da73e7-f32e-11df-b660-00247e244745}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d4c18fac-d416-11df-91d0-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{d4c18fac-d416-11df-91d0-00247e244745}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/04 15:46:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/29 15:33:29 | 000,000,000 | ---D | C] -- C:\Users\norad\.android
[2013/12/29 15:33:26 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\cache
[2013/12/29 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\newnext.me
[2013/12/29 15:33:22 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\genienext
[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\norad\Documents\Mobogenie
[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Mobogenie
[2013/12/29 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\GreatArcadeHits
[2013/12/29 15:32:35 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\AVG2014
[2013/12/29 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassShow
[2013/12/29 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connect_DLC_5
[2013/12/29 15:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/29 15:30:43 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\TuneUp Software
[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToniArts
[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/12/29 15:27:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/12/29 15:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/29 15:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\MFAData
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Avg2014
[2013/12/29 15:16:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/29 15:16:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/29 15:16:18 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/29 15:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/12/29 15:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/12/29 15:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/12/29 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/29 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/12/29 15:03:33 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\AskPartnerNetwork
[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/12/29 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/29 14:59:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/29 14:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/29 03:07:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/29 03:07:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/29 03:07:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/29 03:07:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/29 03:07:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/29 03:07:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/29 03:07:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/29 03:07:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/29 03:07:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/29 03:07:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/29 03:07:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/29 03:07:30 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/29 03:07:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/29 03:07:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/29 03:07:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/28 21:04:19 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Activeris
[2013/12/28 21:00:29 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\QuickScan
[2013/12/28 12:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/28 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Optimizer Pro
[2013/12/28 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Plus-HD-1.2
[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Swirlz
[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/28 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\NativeMessaging
[2013/12/28 12:25:25 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Conduit
[2013/12/28 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\CRE
[2013/12/28 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/28 12:25:07 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\SearchProtect
[2013/12/28 12:24:40 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\Users\norad\Desktop\FLVMPlayer.exe
[2013/12/28 12:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2013/12/28 12:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Highlightly
[2013/12/28 12:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/28 12:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/28 11:57:43 | 000,000,000 | ---D | C] -- C:\c335b1860269ab3a89494966
[2013/12/28 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\SwvUpdater
[2013/12/28 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\SearchProtect
[2013/12/28 11:52:07 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/28 11:52:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/28 11:52:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/28 11:52:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/28 11:52:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/28 11:52:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/28 11:52:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/28 11:51:45 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/28 11:50:53 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/28 11:50:53 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/28 11:50:53 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[5 C:\Users\norad\Documents\*.tmp files -> C:\Users\norad\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/04 15:54:34 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000Core.job
[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
[2014/01/04 15:45:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000UA.job
[2014/01/04 15:45:24 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\PassShow Update.job
[2014/01/04 15:45:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 15:45:18 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/01/04 15:45:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/01 15:55:42 | 000,002,559 | ---- | M] () -- C:\Users\norad\Desktop\HiJackThis.lnk
[2014/01/01 09:34:13 | 000,708,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/01 09:34:13 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/01 09:34:13 | 000,109,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/01 08:43:06 | 000,151,907 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/01/01 08:38:15 | 000,001,781 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
[2013/12/30 10:52:37 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/12/29 19:46:25 | 001,402,880 | ---- | M] () -- C:\Users\norad\Desktop\HiJackThis.msi
[2013/12/29 19:03:41 | 000,395,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/29 15:32:15 | 000,000,009 | ---- | M] () -- C:\END
[2013/12/29 15:30:46 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 15:13:43 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/29 14:59:14 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/29 14:59:12 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/29 14:59:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/29 14:59:12 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/29 13:53:44 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/12/28 21:22:52 | 000,002,044 | ---- | M] () -- C:\Users\norad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/28 21:22:52 | 000,002,042 | ---- | M] () -- C:\Users\norad\Desktop\Google Chrome.lnk
[2013/12/28 21:03:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/28 12:24:43 | 004,953,944 | ---- | M] (FLVMPlayer                                                  ) -- C:\Users\norad\Desktop\FLVMPlayer.exe
[2013/12/28 12:22:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/28 12:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[5 C:\Users\norad\Documents\*.tmp files -> C:\Users\norad\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/29 19:47:58 | 000,002,559 | ---- | C] () -- C:\Users\norad\Desktop\HiJackThis.lnk
[2013/12/29 19:46:23 | 001,402,880 | ---- | C] () -- C:\Users\norad\Desktop\HiJackThis.msi
[2013/12/29 15:32:22 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\PassShow Update.job
[2013/12/29 15:30:46 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 15:13:43 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/29 13:53:44 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/12/29 13:53:44 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013/12/28 21:03:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/28 12:24:05 | 000,000,009 | ---- | C] () -- C:\END
[2013/09/17 06:13:42 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012/11/30 09:44:36 | 000,007,592 | ---- | C] () -- C:\Users\norad\AppData\Local\d3d9caps.dat
[2012/01/29 13:44:33 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2010/09/29 16:29:04 | 000,000,156 | ---- | C] () -- C:\Users\norad\AppData\Roaming\wklnhst.dat
[2010/03/05 09:35:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 17:53:30 | 000,007,680 | ---- | C] () -- C:\Users\norad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 19:53:39 | 000,000,108 | ---- | C] () -- C:\Users\norad\webct_upload_applet.properties
[2009/06/18 10:51:17 | 000,151,907 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/18 09:36:03 | 000,151,907 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/11/05 17:53:20 | 105,119,039 | ---- | M] ()(C:\Windows\SysWow64\???[) -- C:\Windows\SysWow64\㨲ᴼ[
[2013/11/05 17:53:20 | 105,119,039 | ---- | C] ()(C:\Windows\SysWow64\???[) -- C:\Windows\SysWow64\㨲ᴼ[
[2013/11/03 16:03:52 | 104,814,100 | ---- | M] ()(C:\Windows\SysWow64\???Î) -- C:\Windows\SysWow64\䢆⥠ᴼÎ
[2013/11/03 16:03:52 | 104,814,100 | ---- | C] ()(C:\Windows\SysWow64\???Î) -- C:\Windows\SysWow64\䢆⥠ᴼÎ
[2013/10/30 17:48:09 | 104,229,082 | ---- | M] ()(C:\Windows\SysWow64\???Á) -- C:\Windows\SysWow64\혆䨚ᴼÁ
[2013/10/28 17:02:49 | 104,229,082 | ---- | C] ()(C:\Windows\SysWow64\???Á) -- C:\Windows\SysWow64\혆䨚ᴼÁ
[2013/10/25 06:34:17 | 102,975,063 | ---- | M] ()(C:\Windows\SysWow64\???Ì) -- C:\Windows\SysWow64\흑蚿ᴼÌ
[2013/10/20 16:15:52 | 102,975,063 | ---- | C] ()(C:\Windows\SysWow64\???Ì) -- C:\Windows\SysWow64\흑蚿ᴼÌ
[2013/10/19 14:27:36 | 101,983,560 | ---- | M] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\㟦鐖ᴼ8
[2013/10/19 14:27:36 | 101,983,560 | ---- | C] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\㟦鐖ᴼ8
[2013/10/16 17:30:55 | 101,413,064 | ---- | M] ()(C:\Windows\SysWow64\???Å) -- C:\Windows\SysWow64\踓鸯ᴼÅ
[2013/10/16 17:30:55 | 101,413,064 | ---- | C] ()(C:\Windows\SysWow64\???Å) -- C:\Windows\SysWow64\踓鸯ᴼÅ
[2013/10/13 13:05:09 | 100,742,045 | ---- | M] ()(C:\Windows\SysWow64\???Ý) -- C:\Windows\SysWow64\ᦧ좛ᴼÝ
[2013/10/13 13:05:09 | 100,742,045 | ---- | C] ()(C:\Windows\SysWow64\???Ý) -- C:\Windows\SysWow64\ᦧ좛ᴼÝ
[2013/10/03 06:14:10 | 099,102,760 | ---- | M] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ốꊁᴼr
[2013/09/22 22:18:56 | 099,102,760 | ---- | C] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ốꊁᴼr
[2013/09/18 17:59:40 | 098,201,083 | ---- | M] ()(C:\Windows\SysWow64\???È) -- C:\Windows\SysWow64\㕊䁕ᴼÈ
[2013/09/16 17:23:23 | 098,201,083 | ---- | C] ()(C:\Windows\SysWow64\???È) -- C:\Windows\SysWow64\㕊䁕ᴼÈ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >

extras.txt---

OTL Extras logfile created on: 1/4/2014 3:47:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\norad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free
8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.7K4PCB5NGPC3X4YQ7UMCNZ5IXU] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 53 DB D1 3B BF 76 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3738F00A-9949-4E4B-AF00-BBE71FA4229C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D533402-6C8C-41C0-9774-5613DF254287}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4E3081BA-6B04-44CC-978D-142B82B96A88}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71915C5A-C44C-419F-BE4F-6D2267CB42F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{736DDA45-936A-4DC1-B8E6-06A2A8D77AF0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9BC552A4-E4CC-45D6-9239-76ECD9E58228}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B364939D-CFA8-4DC6-A63F-AEEE03C33722}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF5454C8-1955-4F83-AE9E-8CCD3F7F302B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E5002026-FD44-4A9D-A7D7-B5561FD5B64A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EF55F2F2-8757-4958-B82E-ECDAEFC17E32}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D35D91-1CDE-4576-AC4D-1B259FEC241C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{05110207-178B-4730-B9B1-D3AE961C31CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{18A5FA27-5636-485A-B3D0-FBD65D928591}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{240D795C-F235-42D3-8043-62F39B3B27C6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{280D6B74-26E6-4452-BCD0-53A7AD8AD963}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2EEEA6B3-E8FE-461E-8751-D71BD9720753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{304C2BE3-D5CC-48FE-A67C-2198564D633C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{32F33100-9FAE-49B3-AB7B-1FB09DAB3BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36AD6A59-122B-4285-B5BD-A7B212697A92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{3AEFCF86-9D43-437C-B90D-DF318CF2659D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{436C7ABF-8909-43CB-9773-4D5CA6CF2A17}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4626D976-207A-4EDF-8B93-6447D428B2AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5338245D-7057-4446-90D6-EE58A54F99B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{64881B32-0358-48EA-B421-41292963718A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe | 
"{65AB007F-7F45-4A15-9E98-3531B53FFEEB}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6EB2CE2F-A34A-4A95-9004-FF4A2B4C8AFD}" = protocol=6 | dir=in | app=c:\users\norad\appdata\local\temp\7zsbf58.tmp\symnrt.exe | 
"{710648A8-491B-4EB8-BCA4-ADC0D7CDC56A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{7B786733-FE96-4E30-94C2-2A730EC9ADF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{7D175437-5249-4924-BC93-8AC4E567714E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88DD2684-57CB-444B-BEAD-F6479E066599}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{89E4708F-E48E-4ABA-A781-DEA974939DBD}" = protocol=1 | dir=out | [email protected],-28544 | 
"{98068502-EBD1-4CE4-908F-1CB23551351F}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe | 
"{9CCE0130-2B7A-4081-A1F8-6508DDF5E701}" = protocol=17 | dir=in | app=c:\users\norad\appdata\local\temp\7zsbf58.tmp\symnrt.exe | 
"{B89C5ED5-BB31-4559-BF4F-E75216B7E533}" = protocol=58 | dir=in | [email protected],-28545 | 
"{BCD457BF-11D8-4705-A453-411AD203DF05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{BE8D9C27-ABB9-4839-BE99-B50B1C6F446B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{C2B323F1-E5FB-4CCC-B296-2BB14610A247}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{C62337A3-50F5-4C1D-B407-692AC8B26029}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{CB3DF723-1F3B-49CE-BCDE-9DDF75035718}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{CBD24B8F-B981-4976-908A-29A6EFD69BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{D1E7CF8A-02EF-49A1-A9E1-8D8B7A203E2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{D54B1BBD-DFC6-437B-A195-3B917CC3D92F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D73275F4-CC4B-45DB-80B9-A8774FB4769B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe | 
"{DD681F95-2754-4E02-BA9A-8F4A643195E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{DDE2F65B-7733-47E9-8647-8A26DC75B08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DFBD3388-6FC0-4EC5-9BF2-215BB62E609E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{EB21E76F-943F-4BB4-9679-4BD71B9070AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{EC67358F-0171-4442-B576-F07385379A54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{F599FF18-256E-4C58-9744-5C425E710CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{F76E526D-5344-4016-BB52-A31A21E37886}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{F9AA48E2-4107-458E-B514-2D2C6E748941}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{FDBE9E64-BE5F-4E1C-8173-A493884A9EB9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{FFC074BE-96BE-46AF-A6B1-33C7819471D1}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe | 
"TCP Query User{27BE6EB4-67E6-4263-8688-ED93A51155FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{2B7EA703-5562-4A80-A147-DC05429527B5}C:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{7E10322E-A553-4F52-971D-5F6BE5448CC0}C:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{BD930140-3A7E-47FD-A421-238EAC7C4008}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85CB0687-0239-473E-943B-E8AFEE6E044C}" = HP Photosmart 6510 series Product Improvement Study
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B53F9744-F0FB-44A6-9739-335CDAB4488A}" = HP Photosmart 6510 series Basic Device Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2014
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4F524A2D-5637-4300-76A7-A758B70C0700}" = Ask Toolbar
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Email Removed Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"1efa552d-e5a6-4610-a9d1-8cd285646842" = PassShow
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DMUninstaller" = DMUninstaller
"FileParade Bundle" = FileParade Bundle
"Highlightly" = Highlightly
"HP Photo Creations" = HP Photo Creations
"IECT3306061" = Connect DLC 5 Toolbar for IE
"Inspiration 9" = Inspiration 9
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PROPLUSR" = Microsoft Office Professional Plus 2007
"SearchProtect" = Search Protect
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Supplemental Installer" = BSF v6 Supplemental Installer
"Vantage-Vanguard PASS 5.08_is1" = Vantage-Vanguard PASS 5.08
"WildTangent hp Master Uninstall" = My HP Games
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2014 12:12:15 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4212
 
Error - 1/4/2014 12:12:15 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4212
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7613
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7613
 
[ OSession Events ]
Error - 8/10/2011 7:35:44 PM | Computer Name = norad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 6/2/2013 10:23:03 AM | Computer Name = norad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73911
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:17:10 AM | Computer Name = norad-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:43:26 AM | Computer Name = norad-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 1/4/2014 5:45:16 PM | Computer Name = norad-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP Server) for the Network Card with network address 00216B9EF606.  The following
 error occurred:   %%1223. Your computer will continue to try and obtain an address
 on its own from the network address (DHCP) server.
 
 
< End of report >

#4 x_breath_x

    Member

  • Members
  • 79 posts

Posted 04 January 2014 - 04:11 PM

I apologize for taking so long. Christmas and everything being hectic. Here are the logs.

OTL.txt---

OTL logfile created on: 1/4/2014 3:47:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\norad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free
8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
PRC - [2013/12/16 03:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 03:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/11/08 18:51:17 | 001,707,472 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 20:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 20:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [1622/05/04 11:26:22 | 000,999,200 | ---- | M] (Conduit Ltd.) -- C:\Users\norad\AppData\Local\NativeMessaging\CT3306061\1_0_0_6\TBMessagingHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Users\norad\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/26 14:47:18 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/18 17:04:46 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/18 17:03:44 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/18 17:03:02 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/18 17:02:31 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/08/15 02:45:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/15 02:44:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 02:44:52 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 02:44:52 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/15 02:44:52 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 02:38:19 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/15 02:37:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 02:37:43 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/15 02:36:46 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/10 02:53:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 02:52:54 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/25 20:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/06/29 17:10:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2008/09/11 05:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 09:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/12/28 12:22:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\Program Files (x86)\Highlightly\Service\hlsvc.exe -- (hlsvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/04 13:46:36 | 000,058,256 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hlnfd.sys -- (hlnfd)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/03/31 10:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/09/11 05:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/05 21:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/22 09:42:34 | 000,170,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/21 04:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/23 05:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 05:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 05:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/04/28 19:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 05:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5D9FA932-8D8C-40EC-9192-A538B6854A52}
IE:64bit: - HKLM\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {3E37E123-445C-4848-8E34-279F96B6BD39}
IE - HKLM\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
IE - HKLM\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&q={searchTerms}&S41CIE
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{3E37E123-445C-4848-8E34-279F96B6BD39}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN60480715371022752&UM=2&SSPV=S41CIE
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\SearchScopes\{F8067152-A584-4D16-8CF3-7CA33368DB75}: "URL" = http://www.search.as...2-29&trgb=IE&q={searchTerms}&psv=
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3309759.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Swirlz Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...archSource=3&q={searchTerms}&sspv=S41A"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.119
FF - prefs.js..extensions.enabledAddons: %7B4cb3c467-0d72-44e6-9237-750b9b8b5ac9%7D:10.23.0.726
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.93.148
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\norad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\norad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/12/28 12:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{57c20073-e24b-4b2a-aa91-70d1ad526cbf}: C:\Program Files (x86)\PassShow\150.xpi [2013/12/29 15:32:22 | 000,011,866 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\norad\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ [2013/12/29 15:32:54 | 000,000,000 | ---D | M]
 
[2009/06/07 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Extensions
[2013/12/29 14:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions
[2010/05/25 18:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/28 12:25:02 | 000,000,000 | ---D | M] (Swirlz) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{4cb3c467-0d72-44e6-9237-750b9b8b5ac9}
[2013/08/23 16:34:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/28 11:41:17 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com
[2013/12/28 12:12:33 | 000,000,000 | ---D | M] ("Plus-HD-1.2") -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData\plugins
[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]e707310fc.com\extensionData\userCode
[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData
[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData\plugins
[2013/12/28 11:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\extensions\[email protected]656d80ab7.com\extensionData\userCode
[2013/07/24 17:40:12 | 000,002,546 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\ask-search.xml
[2013/12/28 11:59:04 | 000,000,975 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\conduit-search.xml
[2013/12/28 12:25:05 | 000,001,017 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\conduit.xml
[2013/12/28 12:01:03 | 000,001,368 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Mozilla\Firefox\Profiles\lf207zuh.default\searchplugins\iminent.xml
[2013/12/28 21:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/28 12:58:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/28 12:04:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...FC-F54D4DAAD445
CHR - default_search_provider: suggest_url = http://suggest.searc...on.ashx?prefix={searchTerms},
CHR - Extension: Highlightly = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.0_1\
CHR - Extension: PassShow = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.150_0\
CHR - Extension: Connect DLC 5 = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.23.0.728_0\
CHR - Extension: Connect DLC 5 = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.23.0.728_0\nativeMessaging\nmHost
CHR - Extension: Swirlz = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.24.3.503_0\
CHR - Extension: Swirlz = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcedemcahkmaidbipmniofjcocajlgk\10.24.3.503_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\norad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll File not found
O2:64bit: - BHO: (weDownload Manager) - {11111111-1111-1111-1111-110311431144} - C:\Program Files (x86)\weDownload Manager\weDownload Manager-bho64.dll File not found
O2:64bit: - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PassShow) - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files (x86)\PassShow\150.dll ()
O2 - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\norad\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
O3 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..\Toolbar\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" File not found
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\norad\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8fab85a0119147d38b19d16d38c0aeb6-f4a11d3e10dbebc28f3e5788a17788f15546486a /CMPID=1213b File not found
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [NextLive] C:\Users\norad\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4000507275-1486089171-1974680742-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://unkmail2.unk.edu/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848D19DE-381B-4946-AF29-2D20A8A1E0E7}: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: DhcpNameServer = 74.40.74.40 74.40.74.41 192.168.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\norad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\norad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e6a7335-2dc0-11de-be65-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6a7335-2dc0-11de-be65-00247e244745}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{30da73e7-f32e-11df-b660-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{30da73e7-f32e-11df-b660-00247e244745}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d4c18fac-d416-11df-91d0-00247e244745}\Shell - "" = AutoRun
O33 - MountPoints2\{d4c18fac-d416-11df-91d0-00247e244745}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/04 15:46:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/29 15:33:29 | 000,000,000 | ---D | C] -- C:\Users\norad\.android
[2013/12/29 15:33:26 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\cache
[2013/12/29 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\newnext.me
[2013/12/29 15:33:22 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\genienext
[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\norad\Documents\Mobogenie
[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Mobogenie
[2013/12/29 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\GreatArcadeHits
[2013/12/29 15:32:35 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\AVG2014
[2013/12/29 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassShow
[2013/12/29 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connect_DLC_5
[2013/12/29 15:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/29 15:30:43 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\TuneUp Software
[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToniArts
[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/12/29 15:27:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/12/29 15:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/29 15:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\MFAData
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Avg2014
[2013/12/29 15:16:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/29 15:16:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/29 15:16:18 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/29 15:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/12/29 15:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/12/29 15:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/12/29 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/29 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/12/29 15:03:33 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\AskPartnerNetwork
[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/12/29 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/29 14:59:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/29 14:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/29 03:07:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/29 03:07:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/29 03:07:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/29 03:07:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/29 03:07:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/29 03:07:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/29 03:07:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/29 03:07:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/29 03:07:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/29 03:07:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/29 03:07:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/29 03:07:30 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/29 03:07:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/29 03:07:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/29 03:07:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/28 21:04:19 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Activeris
[2013/12/28 21:00:29 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\QuickScan
[2013/12/28 12:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/28 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\Optimizer Pro
[2013/12/28 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Plus-HD-1.2
[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Swirlz
[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/28 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\NativeMessaging
[2013/12/28 12:25:25 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\Conduit
[2013/12/28 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\CRE
[2013/12/28 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/28 12:25:07 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Roaming\SearchProtect
[2013/12/28 12:24:40 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\Users\norad\Desktop\FLVMPlayer.exe
[2013/12/28 12:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2013/12/28 12:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Highlightly
[2013/12/28 12:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/28 12:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/28 11:57:43 | 000,000,000 | ---D | C] -- C:\c335b1860269ab3a89494966
[2013/12/28 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\SwvUpdater
[2013/12/28 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\norad\AppData\Local\SearchProtect
[2013/12/28 11:52:07 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/28 11:52:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/28 11:52:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/28 11:52:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/28 11:52:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/28 11:52:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/28 11:52:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/28 11:51:45 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/28 11:50:53 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/28 11:50:53 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/28 11:50:53 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[5 C:\Users\norad\Documents\*.tmp files -> C:\Users\norad\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/04 15:54:34 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000Core.job
[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norad\Desktop\OTL.exe
[2014/01/04 15:45:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000UA.job
[2014/01/04 15:45:24 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\PassShow Update.job
[2014/01/04 15:45:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 15:45:18 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/01/04 15:45:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/01 15:55:42 | 000,002,559 | ---- | M] () -- C:\Users\norad\Desktop\HiJackThis.lnk
[2014/01/01 09:34:13 | 000,708,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/01 09:34:13 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/01 09:34:13 | 000,109,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/01 08:43:06 | 000,151,907 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/01/01 08:38:15 | 000,001,781 | ---- | M] () -- C:\Users\norad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
[2013/12/30 10:52:37 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/12/29 19:46:25 | 001,402,880 | ---- | M] () -- C:\Users\norad\Desktop\HiJackThis.msi
[2013/12/29 19:03:41 | 000,395,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/29 15:32:15 | 000,000,009 | ---- | M] () -- C:\END
[2013/12/29 15:30:46 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 15:13:43 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/29 14:59:14 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/29 14:59:12 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/29 14:59:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/29 14:59:12 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/29 13:53:44 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/12/28 21:22:52 | 000,002,044 | ---- | M] () -- C:\Users\norad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/28 21:22:52 | 000,002,042 | ---- | M] () -- C:\Users\norad\Desktop\Google Chrome.lnk
[2013/12/28 21:03:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/28 12:24:43 | 004,953,944 | ---- | M] (FLVMPlayer                                                  ) -- C:\Users\norad\Desktop\FLVMPlayer.exe
[2013/12/28 12:22:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/28 12:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[5 C:\Users\norad\Documents\*.tmp files -> C:\Users\norad\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/29 19:47:58 | 000,002,559 | ---- | C] () -- C:\Users\norad\Desktop\HiJackThis.lnk
[2013/12/29 19:46:23 | 001,402,880 | ---- | C] () -- C:\Users\norad\Desktop\HiJackThis.msi
[2013/12/29 15:32:22 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\PassShow Update.job
[2013/12/29 15:30:46 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 15:13:43 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/12/29 13:53:44 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/12/29 13:53:44 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013/12/28 21:03:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/28 12:24:05 | 000,000,009 | ---- | C] () -- C:\END
[2013/09/17 06:13:42 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012/11/30 09:44:36 | 000,007,592 | ---- | C] () -- C:\Users\norad\AppData\Local\d3d9caps.dat
[2012/01/29 13:44:33 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2010/09/29 16:29:04 | 000,000,156 | ---- | C] () -- C:\Users\norad\AppData\Roaming\wklnhst.dat
[2010/03/05 09:35:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 17:53:30 | 000,007,680 | ---- | C] () -- C:\Users\norad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 19:53:39 | 000,000,108 | ---- | C] () -- C:\Users\norad\webct_upload_applet.properties
[2009/06/18 10:51:17 | 000,151,907 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/18 09:36:03 | 000,151,907 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/11/05 17:53:20 | 105,119,039 | ---- | M] ()(C:\Windows\SysWow64\???[) -- C:\Windows\SysWow64\㨲ᴼ[
[2013/11/05 17:53:20 | 105,119,039 | ---- | C] ()(C:\Windows\SysWow64\???[) -- C:\Windows\SysWow64\㨲ᴼ[
[2013/11/03 16:03:52 | 104,814,100 | ---- | M] ()(C:\Windows\SysWow64\???Î) -- C:\Windows\SysWow64\䢆⥠ᴼÎ
[2013/11/03 16:03:52 | 104,814,100 | ---- | C] ()(C:\Windows\SysWow64\???Î) -- C:\Windows\SysWow64\䢆⥠ᴼÎ
[2013/10/30 17:48:09 | 104,229,082 | ---- | M] ()(C:\Windows\SysWow64\???Á) -- C:\Windows\SysWow64\혆䨚ᴼÁ
[2013/10/28 17:02:49 | 104,229,082 | ---- | C] ()(C:\Windows\SysWow64\???Á) -- C:\Windows\SysWow64\혆䨚ᴼÁ
[2013/10/25 06:34:17 | 102,975,063 | ---- | M] ()(C:\Windows\SysWow64\???Ì) -- C:\Windows\SysWow64\흑蚿ᴼÌ
[2013/10/20 16:15:52 | 102,975,063 | ---- | C] ()(C:\Windows\SysWow64\???Ì) -- C:\Windows\SysWow64\흑蚿ᴼÌ
[2013/10/19 14:27:36 | 101,983,560 | ---- | M] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\㟦鐖ᴼ8
[2013/10/19 14:27:36 | 101,983,560 | ---- | C] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\㟦鐖ᴼ8
[2013/10/16 17:30:55 | 101,413,064 | ---- | M] ()(C:\Windows\SysWow64\???Å) -- C:\Windows\SysWow64\踓鸯ᴼÅ
[2013/10/16 17:30:55 | 101,413,064 | ---- | C] ()(C:\Windows\SysWow64\???Å) -- C:\Windows\SysWow64\踓鸯ᴼÅ
[2013/10/13 13:05:09 | 100,742,045 | ---- | M] ()(C:\Windows\SysWow64\???Ý) -- C:\Windows\SysWow64\ᦧ좛ᴼÝ
[2013/10/13 13:05:09 | 100,742,045 | ---- | C] ()(C:\Windows\SysWow64\???Ý) -- C:\Windows\SysWow64\ᦧ좛ᴼÝ
[2013/10/03 06:14:10 | 099,102,760 | ---- | M] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ốꊁᴼr
[2013/09/22 22:18:56 | 099,102,760 | ---- | C] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ốꊁᴼr
[2013/09/18 17:59:40 | 098,201,083 | ---- | M] ()(C:\Windows\SysWow64\???È) -- C:\Windows\SysWow64\㕊䁕ᴼÈ
[2013/09/16 17:23:23 | 098,201,083 | ---- | C] ()(C:\Windows\SysWow64\???È) -- C:\Windows\SysWow64\㕊䁕ᴼÈ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 
 
 
 
extras.txt---

OTL Extras logfile created on: 1/4/2014 3:47:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\norad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free
8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.7K4PCB5NGPC3X4YQ7UMCNZ5IXU] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 53 DB D1 3B BF 76 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3738F00A-9949-4E4B-AF00-BBE71FA4229C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D533402-6C8C-41C0-9774-5613DF254287}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4E3081BA-6B04-44CC-978D-142B82B96A88}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71915C5A-C44C-419F-BE4F-6D2267CB42F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{736DDA45-936A-4DC1-B8E6-06A2A8D77AF0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9BC552A4-E4CC-45D6-9239-76ECD9E58228}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B364939D-CFA8-4DC6-A63F-AEEE03C33722}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF5454C8-1955-4F83-AE9E-8CCD3F7F302B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E5002026-FD44-4A9D-A7D7-B5561FD5B64A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EF55F2F2-8757-4958-B82E-ECDAEFC17E32}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D35D91-1CDE-4576-AC4D-1B259FEC241C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{05110207-178B-4730-B9B1-D3AE961C31CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{18A5FA27-5636-485A-B3D0-FBD65D928591}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{240D795C-F235-42D3-8043-62F39B3B27C6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{280D6B74-26E6-4452-BCD0-53A7AD8AD963}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2EEEA6B3-E8FE-461E-8751-D71BD9720753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{304C2BE3-D5CC-48FE-A67C-2198564D633C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{32F33100-9FAE-49B3-AB7B-1FB09DAB3BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36AD6A59-122B-4285-B5BD-A7B212697A92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{3AEFCF86-9D43-437C-B90D-DF318CF2659D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{436C7ABF-8909-43CB-9773-4D5CA6CF2A17}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4626D976-207A-4EDF-8B93-6447D428B2AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5338245D-7057-4446-90D6-EE58A54F99B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{64881B32-0358-48EA-B421-41292963718A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe | 
"{65AB007F-7F45-4A15-9E98-3531B53FFEEB}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6EB2CE2F-A34A-4A95-9004-FF4A2B4C8AFD}" = protocol=6 | dir=in | app=c:\users\norad\appdata\local\temp\7zsbf58.tmp\symnrt.exe | 
"{710648A8-491B-4EB8-BCA4-ADC0D7CDC56A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{7B786733-FE96-4E30-94C2-2A730EC9ADF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{7D175437-5249-4924-BC93-8AC4E567714E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88DD2684-57CB-444B-BEAD-F6479E066599}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{89E4708F-E48E-4ABA-A781-DEA974939DBD}" = protocol=1 | dir=out | [email protected],-28544 | 
"{98068502-EBD1-4CE4-908F-1CB23551351F}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe | 
"{9CCE0130-2B7A-4081-A1F8-6508DDF5E701}" = protocol=17 | dir=in | app=c:\users\norad\appdata\local\temp\7zsbf58.tmp\symnrt.exe | 
"{B89C5ED5-BB31-4559-BF4F-E75216B7E533}" = protocol=58 | dir=in | [email protected],-28545 | 
"{BCD457BF-11D8-4705-A453-411AD203DF05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{BE8D9C27-ABB9-4839-BE99-B50B1C6F446B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{C2B323F1-E5FB-4CCC-B296-2BB14610A247}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{C62337A3-50F5-4C1D-B407-692AC8B26029}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{CB3DF723-1F3B-49CE-BCDE-9DDF75035718}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{CBD24B8F-B981-4976-908A-29A6EFD69BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{D1E7CF8A-02EF-49A1-A9E1-8D8B7A203E2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{D54B1BBD-DFC6-437B-A195-3B917CC3D92F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D73275F4-CC4B-45DB-80B9-A8774FB4769B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe | 
"{DD681F95-2754-4E02-BA9A-8F4A643195E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{DDE2F65B-7733-47E9-8647-8A26DC75B08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DFBD3388-6FC0-4EC5-9BF2-215BB62E609E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{EB21E76F-943F-4BB4-9679-4BD71B9070AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{EC67358F-0171-4442-B576-F07385379A54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{F599FF18-256E-4C58-9744-5C425E710CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{F76E526D-5344-4016-BB52-A31A21E37886}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{F9AA48E2-4107-458E-B514-2D2C6E748941}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{FDBE9E64-BE5F-4E1C-8173-A493884A9EB9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{FFC074BE-96BE-46AF-A6B1-33C7819471D1}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe | 
"TCP Query User{27BE6EB4-67E6-4263-8688-ED93A51155FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{2B7EA703-5562-4A80-A147-DC05429527B5}C:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{7E10322E-A553-4F52-971D-5F6BE5448CC0}C:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\norad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{BD930140-3A7E-47FD-A421-238EAC7C4008}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85CB0687-0239-473E-943B-E8AFEE6E044C}" = HP Photosmart 6510 series Product Improvement Study
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B53F9744-F0FB-44A6-9739-335CDAB4488A}" = HP Photosmart 6510 series Basic Device Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2014
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4F524A2D-5637-4300-76A7-A758B70C0700}" = Ask Toolbar
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Email Removed Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"1efa552d-e5a6-4610-a9d1-8cd285646842" = PassShow
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DMUninstaller" = DMUninstaller
"FileParade Bundle" = FileParade Bundle
"Highlightly" = Highlightly
"HP Photo Creations" = HP Photo Creations
"IECT3306061" = Connect DLC 5 Toolbar for IE
"Inspiration 9" = Inspiration 9
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PROPLUSR" = Microsoft Office Professional Plus 2007
"SearchProtect" = Search Protect
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Supplemental Installer" = BSF v6 Supplemental Installer
"Vantage-Vanguard PASS 5.08_is1" = Vantage-Vanguard PASS 5.08
"WildTangent hp Master Uninstall" = My HP Games
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4000507275-1486089171-1974680742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2014 12:12:15 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4212
 
Error - 1/4/2014 12:12:15 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4212
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210
 
Error - 1/4/2014 12:12:16 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
 
Error - 1/4/2014 12:12:17 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7613
 
Error - 1/4/2014 12:12:18 AM | Computer Name = norad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7613
 
[ OSession Events ]
Error - 8/10/2011 7:35:44 PM | Computer Name = norad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 6/2/2013 10:23:03 AM | Computer Name = norad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73911
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:16:11 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 disappeared from the system without first being prepared for removal.
 
Error - 12/30/2013 11:17:10 AM | Computer Name = norad-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:42:12 AM | Computer Name = norad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 disappeared from the system without first being prepared for removal.
 
Error - 1/1/2014 10:43:26 AM | Computer Name = norad-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 1/4/2014 5:45:16 PM | Computer Name = norad-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP Server) for the Network Card with network address 00216B9EF606.  The following
 error occurred:   %%1223. Your computer will continue to try and obtain an address
 on its own from the network address (DHCP) server.
 
 
< End of report >
 
#5 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 05 January 2014 - 12:41 PM

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner

-Junkware-Removal-Tool-

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Reopen OTL.exe and choose to Run a Scan. When done, post the log that opens (OTL.txt).



#6 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 18 January 2014 - 07:27 PM

I'll lock this topic as the topic starter has no access to this computer any longer.

