CraigBos

join:2009-01-18
San Diego, CA

1 edit

[Virus] Avast reports Win32:Evo-gen [Susp] and Win32:BogEnt [Sus

Greetings--

Avast File System Shield is reporting numerous instances of Win32:Evo-gen [Susp] and Win32:BogEnt [Susp]. But Avast can't delete the files, either because they are in use by another process, or because the file is embedded in an archive.

I'm very concerned the computer is infected with something.

I have followed all of the steps here: http://www.dslreports.com/faq/13616

The results are pasted below.

Thanks for any assistance.

/cb

To illustrate the concern, here is a fragment of the Avast File System Shield log. There are many more occurrences of both infections in multiple locations. Complete logs from Avast are available on request.

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Monday, June 17, 2013 3:25:52 AM
*

6/17/2013 8:13:49 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/17/2013 3:45:04 PM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/17/2013 4:32:50 PM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/17/2013 6:00:02 PM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/18/2013 12:30:04 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/18/2013 12:30:07 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/18/2013 12:30:08 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/18/2013 12:32:25 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/18/2013 12:41:03 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/19/2013 12:28:32 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/19/2013 12:28:35 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/19/2013 12:28:36 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/19/2013 12:30:07 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/19/2013 12:31:07 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/21/2013 12:29:02 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/21/2013 12:29:05 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/21/2013 12:29:07 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/21/2013 12:31:25 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/21/2013 12:40:02 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/22/2013 12:29:38 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/22/2013 12:29:45 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/22/2013 12:29:46 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/22/2013 12:32:19 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/22/2013 12:41:04 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.

*
* Shield stopped: Saturday, June 22, 2013 7:36:38 PM
* Run-time was 5 day(s), 16 hour(s), 10 minute(s), 46 second(s)
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Sunday, June 23, 2013 8:40:33 AM
*

Here is the MBAM log:

Database version: v2013.06.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Craig :: CAB-DESKTOP3 [administrator]

Protection: Enabled

6/22/2013 7:52:13 PM
mbam-log-2013-06-22 (19-52-13).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 474899
Time elapsed: 57 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the AdwCleaner log:

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 20:56:17
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Craig - CAB-DESKTOP3
# Boot Mode : Normal
# Running from : C:\Users\Craig\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Carolyn Bosworth\AppData\Roaming\Mozilla\Firefox\Profiles\c5jn8srn.default\extensions\staged
Folder Deleted : C:\Users\Carolyn Bosworth\AppData\Roaming\Mozilla\Firefox\Profiles\c5jn8srn.default\jetpack

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Carolyn Bosworth\AppData\Roaming\Mozilla\Firefox\Profiles\c5jn8srn.default\prefs.js

[OK] File is clean.

File : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\k2xohxu8.default\prefs.js

[OK] File is clean.

File : C:\Users\Craig_2\AppData\Roaming\Mozilla\Firefox\Profiles\p1w60s6l.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?source=navclient-ff#inbox");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Carolyn Bosworth\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1856 octets] - [22/06/2013 20:56:17]

########## EOF - C:\AdwCleaner[S1].txt - [1916 octets] ##########

OTL.txt and Extras.txt are too large to post, so I will attach them to separate posts.

Here is checkup.txt:

Results of screen317's Security Check version 0.99.67
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 19% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]

Here is the log from running ESET online:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=eb2977096e868b40b47cd7b0d4244dd6
# engine=14135
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-23 06:50:41
# local_time=2013-06-22 11:50:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 65967201 123513691 0 0
# scanned=248153
# found=0
# cleaned=0
# scan_time=8579

CraigBos

join:2009-01-18
San Diego, CA

Re: [Virus] Avast reports Win32:Evo-gen [Susp] and Win32:BogEnt

Attaching OTL.txt and Extras.txt

Thanks again!

/cb



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

Opened for easier analysis - please do not code block the logs

OTL logfile created on: 6/22/2013 9:02:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Craig\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.59% Memory free
7.50 Gb Paging File | 6.16 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.46 Gb Total Space | 612.72 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Computer Name: CAB-DESKTOP3 | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/06/22 21:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/25 01:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/07/25 01:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/07/25 01:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/05/29 20:08:48 | 000,172,032 | ---- | M] (CompSoft) -- C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/12/13 14:37:16 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
PRC - [2010/06/12 18:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 12:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/30 03:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/16 20:53:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 15:42:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 01:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 01:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/06/12 18:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 18:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 18:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/12/06 10:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/17 23:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/06/30 05:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 03:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/15 23:25:49 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/05 21:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 21:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/23 10:23:58 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007/07/23 10:23:58 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007/07/23 10:23:56 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0F43903A-7B85-443B-A9AD-D57626CC2334}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{92B2438A-F289-4AD4-B81F-0EA202DA68E8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{EDA7DCD6-16E5-432A-A359-0161A3D8DCF6}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F6106B7F-880F-4A42-9E7F-9CE640F00B4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0F43903A-7B85-443B-A9AD-D57626CC2334}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{92B2438A-F289-4AD4-B81F-0EA202DA68E8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{EDA7DCD6-16E5-432A-A359-0161A3D8DCF6}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{F6106B7F-880F-4A42-9E7F-9CE640F00B4A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "mail.cbosworth.net"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/05/16 20:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 15:42:16 | 000,000,000 | ---D | M]

[2010/11/12 20:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\mozilla\Extensions
[2011/05/14 19:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\mozilla\Firefox\Profiles\k2xohxu8.default\extensions
[2011/05/14 17:09:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Craig\AppData\Roaming\mozilla\Firefox\Profiles\k2xohxu8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/14 19:50:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Craig\AppData\Roaming\mozilla\Firefox\Profiles\k2xohxu8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2013/05/23 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 15:42:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/22 19:06:43 | 000,462,347 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 13804 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab (EZTwainX by Dosadi)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A4238BB-A2F7-4A95-8BB1-F35F9D028C6E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/06/22 21:01:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2013/06/22 19:23:07 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\TFC.exe
[2013/06/17 03:03:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/17 03:03:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 03:05:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 03:05:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 03:05:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 03:05:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 03:05:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 03:05:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 03:05:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 03:05:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 03:05:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 03:05:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 03:05:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 03:05:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 03:05:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/11 18:42:56 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 18:42:56 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 18:42:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 18:42:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 18:42:38 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 18:42:29 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 18:42:29 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 18:42:28 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 18:42:27 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 18:42:25 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 18:42:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 18:42:09 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 18:42:08 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/06/22 21:05:28 | 000,727,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/22 21:05:28 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/22 21:05:28 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/22 21:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2013/06/22 20:58:56 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/22 20:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/22 20:58:00 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 20:54:48 | 000,648,201 | ---- | M] () -- C:\Users\Craig\Desktop\adwcleaner.exe
[2013/06/22 20:53:21 | 000,002,285 | ---- | M] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/22 20:52:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/22 20:31:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698924157-1089961020-3165715489-1001UA.job
[2013/06/22 20:27:02 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/22 19:58:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 19:58:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 19:49:18 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarolyn Bosworth.job
[2013/06/22 19:38:34 | 000,000,061 | ---- | M] () -- C:\Users\Craig\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ - DSLReports.com, ISP Information.url
[2013/06/22 19:23:08 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\TFC.exe
[2013/06/22 00:00:13 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698924157-1089961020-3165715489-1001Core.job
[2013/06/18 20:30:25 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/16 20:53:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/16 20:53:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/08 07:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/06/22 20:54:53 | 000,648,201 | ---- | C] () -- C:\Users\Craig\Desktop\adwcleaner.exe
[2013/06/22 19:41:50 | 000,002,285 | ---- | C] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/22 19:38:34 | 000,000,061 | ---- | C] () -- C:\Users\Craig\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ - DSLReports.com, ISP Information.url
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/11 11:49:04 | 001,328,128 | ---- | C] () -- C:\Windows\SysWow64\quartz.dll
[2010/12/09 20:48:40 | 000,007,626 | ---- | C] () -- C:\Users\Craig\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2010/12/16 08:29:35 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\abelhadigital.com

[color=#E56717]========== Purity Check ==========[/color]

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

OTL Extras logfile created on: 6/22/2013 9:02:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Craig\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.59% Memory free
7.50 Gb Paging File | 6.16 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.46 Gb Total Space | 612.72 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Computer Name: CAB-DESKTOP3 | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01568D52-386E-4E20-ABBD-146D8D5DDA6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1047DACC-3459-4D50-9D4D-5BC6DB4FD132}" = rport=445 | protocol=6 | dir=out | app=system |
"{12A0ABC4-82DB-4282-8B63-E1EFFB97EF69}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{148792D4-DBD4-4293-A2F4-8224263288BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A5FC13A-BA67-4815-BCA3-75A3617D342C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B69D7E9-E1D0-43DB-94D3-1A3EEFCB8B17}" = lport=137 | protocol=17 | dir=in | app=system |
"{29897958-E478-4CC3-A2C2-18B13DF87E15}" = rport=137 | protocol=17 | dir=out | app=system |
"{33B4DCE6-8589-4DF8-8E51-0FB4811E37DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{33B726F2-76AE-4BF6-8B2B-12561601E022}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D7A83F1-9E0E-4FBD-A763-BFF8DDE837D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{431C77AF-B1BA-41D9-B7D8-328E11A4D594}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4DF6A7A4-F554-40ED-8877-DC8DA7C7A140}" = lport=2869 | protocol=6 | dir=in | app=system |
"{578E279E-D139-4304-BB05-C397CC195E2C}" = rport=139 | protocol=6 | dir=out | app=system |
"{5FB31541-C8C3-4582-88F5-9B998C76CB76}" = lport=445 | protocol=6 | dir=in | app=system |
"{6300B050-475F-4291-950D-47055460D665}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B5FF2FB-67A2-4B72-B301-0048D518FD1F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F1DF0EF-31ED-4FBC-9A3F-1496731142CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72B9DDD8-3375-4693-8B1C-1875E72F2186}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7C9BE84F-6D8D-456C-B504-C29A6F8D48ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7D0D22F7-5C26-4A1A-9163-63070948E333}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F75C074-BFC8-4D99-85D1-C6D330091B54}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2F6487F-E698-4235-B5B9-9CD9282F0137}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D387D279-AD2B-4D9A-B116-313FB420FA65}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D65B041A-0675-4242-91E5-923B8D870BA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD3ACA29-FE00-436A-8ADA-25F2D4F6F2EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{E328F9D8-1D0E-4505-B829-04D88A8282E0}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6F90137-552D-4980-9744-9433B5B78BEA}" = lport=2869 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAF0B7-B391-4167-9458-82E5A47E33C8}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{0316F992-9D02-469A-AF10-2248B02E8508}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{0339794D-CF80-4A19-9176-466521099349}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0987DD95-5359-492A-BD7B-CD2F30168295}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{0BCE69E7-4E85-4BB8-8852-B4A8CD589C15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{0D8B7E8E-3AAB-4775-8E1E-FCCFCE125A25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0ED785D0-DB31-4D9E-9528-3526C2B539DC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{18A15E75-7FFF-4F46-935D-2B27932E0612}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{19EACABB-BA9A-4C25-93F1-8723B5E12606}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1C76C77C-E952-462B-9F30-1D95AA314436}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1D08C3E6-42F0-4153-A911-1F22ABD47D5D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{208F67C8-4144-4005-BC44-1CE45537FE2D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{24743E2D-E5CE-4431-866B-27E788252CA3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{27F7900F-47D2-4D73-A0C0-6981E9818E53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{316AEEA7-D3BB-43BB-8AE9-1901C1A933C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317B4120-4342-4FAE-B6EF-9ECF4859C84D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{3474FF84-921D-42A6-882D-7A352500EF93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40AF634B-70A0-47AA-8741-AE56B03110B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4194B4B2-CC7A-4537-88F5-0F6FF2F98D3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46A3C5FD-00DE-48F0-8F49-8616661C68D2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{49E0F478-2727-4AD8-AA93-A3002EE29304}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{4A67D001-4D00-4C78-B41D-6BE2EFC66F61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{521F2980-AA0E-4159-850E-528CB69DB0CB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{5584D02A-0C17-4E86-B92F-C86C3247BE1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{57C5CC25-8173-4DF1-A92C-1F0A5B9FD023}" = dir=in | app=c:\users\carolyn bosworth\appdata\roaming\zoom\bin\zoom.exe |
"{58080CF8-0E57-4AAD-8715-81D70B104EA5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{5A1596DF-2482-4506-92C1-B51AB22AD32A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{5BA2CA98-6EC6-4D4F-AE01-D6BC0D66EBA6}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{5D1E3351-00CC-44DD-9250-2DE08BD4E8C4}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{66D80CE0-CC92-45E7-826A-686ACDA1B234}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66FA1301-35AF-467E-BD8B-EE2CADBB3B20}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{675A9BCA-C94D-4117-BB3E-45F1B76DD5AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{682DD5E3-D861-49DA-B672-25044B7B0675}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6A12A9B8-286C-4BC1-916E-3833F9BFCFEB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{6AAFD20A-7E42-4398-BC1F-B80F4D3A047A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{6F7A3C6E-8979-46E3-9488-8836849D5530}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{700564D9-B3B0-47C5-B371-2EFCE32F2FF6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7304FFE6-1D0E-4715-AED8-DB308F1BE29A}" = protocol=6 | dir=in | app=c:\users\craig\appdata\local\temp\7zsa146.tmp\symnrt.exe |
"{73BE446F-1470-40F2-B65A-A03EDEC56E11}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{7F4FE18E-10E8-422B-AE49-61909EF52EBE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{83A2F3C6-CF9E-40BF-B434-0ADC32F7EB9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{8557F8C1-7787-4A19-9F39-1200F2CBCA15}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8759B2D8-6C9E-4FAB-B3BF-459E7AEA2967}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{8C302B2F-A14E-4B83-A0F9-F4F6A5CA6F37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8EAF6163-75F5-43D1-A3C5-032122976162}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{92FD0BF0-17CE-447F-84D7-806E6BAFD49D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C1F68F-5020-4879-8F51-54479970A8EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98D2CCB4-864C-49DC-B521-1F08CEE0DD12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9BE4DA61-7B9E-407C-9CBC-7F704F417D5B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9E979507-60D9-4ADD-9960-0B6054727734}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{A141C17C-7161-4D22-A366-4230247A8739}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{A16517E3-7838-471E-860E-074C75A5E2C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A2C06541-949A-419B-91C7-530CAD9D030A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{A3E1A54F-74C8-48B2-9735-C76C9E617971}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{A3F35077-29F7-4C17-B84B-146A2F9AFB5C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{A4D89FA3-4DD8-4281-A642-DDF774A9F627}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A9FD5233-1494-4251-82B0-8D9899AAEF04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC50E8A2-B3C5-46C9-8355-F41876144AD7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{ACBE68D4-F3E7-453A-AAAB-6485095920CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B527597B-4FC8-47E2-B453-4A034ACA5A9F}" = protocol=6 | dir=out | app=system |
"{B7FDE577-B721-4672-B9E0-FCF889D60C6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B8D65EB7-ED38-47C7-9B3B-7C1222F597D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAD29C2A-894D-49B8-AB94-6A56EAE10C13}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BB0853F9-491D-43AA-ABA4-7D38AEF6A427}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{BB5743A0-F6C0-4A00-A476-46DD735F6173}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BCE1707C-A52B-4CA8-8E5A-892E15C0A6D0}" = protocol=6 | dir=in | app=c:\users\carolyn bosworth\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C2334A0C-C404-4E90-AB64-30132306E57F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C33454A0-450B-4A2D-8D6A-8E212688DFEA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C5269218-67BE-492A-B8B9-AE53830603DD}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{C8C066F9-1100-4CDE-8F87-5EFAB7F863CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CAB7E0FA-2965-4875-A682-501586A9B859}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCA45392-1577-4D16-8986-A43906C230B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E1B7A068-E760-4500-B321-ABF038D68527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{E2B7C3F7-A615-4B12-830A-E2814D8FDD0F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{E322ACAD-2710-411A-83FE-8CDE17FFDBB5}" = protocol=17 | dir=in | app=c:\users\craig\appdata\local\temp\7zsa146.tmp\symnrt.exe |
"{E3E08A6F-A9DC-442D-B8F9-CD52367225B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{E84C035E-CCB4-4A55-A318-46871D55DAD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{EA17E0F4-96DA-4C76-BAE6-92A320C9F85F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EC364F9B-F4EC-4877-8A8C-438D64CDF001}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{ECA39B55-E3E2-4EEA-84D8-828492FA7503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F006E83B-D098-41A9-B473-486570368F78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F22CFF3B-FFB6-4CBC-984F-8DDA00FC62D2}" = protocol=17 | dir=in | app=c:\users\carolyn bosworth\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F45AC834-445E-4090-96C9-8CA5348753AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{FCC8D519-8256-49B7-857B-47D0904067D1}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{FF920E13-5B3A-499B-AF92-36F2F31B7D12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"TCP Query User{25EAD3DE-F671-4249-8AB9-48F409F93951}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{7099207F-DC24-4776-8D1D-D104072E52BC}C:\program files (x86)\iometer.org\iometer 2006.07.27\dynamo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iometer.org\iometer 2006.07.27\dynamo.exe |
"TCP Query User{81F3CD28-BF0E-4F2F-B98A-9115B2ECBABD}C:\program files (x86)\iometer.org\iometer 2006.07.27\iometer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iometer.org\iometer 2006.07.27\iometer.exe |
"UDP Query User{3CC7BA79-AAFD-401D-8761-975D7CF68CAE}C:\program files (x86)\iometer.org\iometer 2006.07.27\iometer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iometer.org\iometer 2006.07.27\iometer.exe |
"UDP Query User{ADC51D43-DFAF-4BDD-9C1E-9A94C13DBABB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B837B16A-DFBD-4AB3-8A5E-2FFD961163E0}C:\program files (x86)\iometer.org\iometer 2006.07.27\dynamo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iometer.org\iometer 2006.07.27\dynamo.exe |

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{E319D46F-4F14-4867-94CD-FB203ED60AFC}" = HP Officejet 6500 E710a-f Product Improvement Study
"{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{10894714-E82E-4371-9CF7-F58E352C76EA}" = H&R Block California 2011
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}" = zoom.us
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
"{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F94E86E-494E-4456-9F99-A097C9E6B478}" = i.Demo™
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}" = H&R Block California 2010
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E040F1EC-82A9-4950-AAFE-55762AB59590}" = H&R Block California 2012
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8E23350-1B1D-4C8C-99DD-3D888EC26A87}" = LG Outlook Sync
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4898C08-90A2-431C-BCE5-87866531D05B}" = H&R Block California 2009
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.5.6
"avast" = avast! Free Antivirus
"Doro_is1" = Doro 1.77
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2013 6:43:53 AM | Computer Name = CAB-Desktop3 | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 5/16/2013 6:45:17 AM | Computer Name = CAB-Desktop3 | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 5/16/2013 6:45:30 AM | Computer Name = CAB-Desktop3 | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 5/16/2013 6:45:32 AM | Computer Name = CAB-Desktop3 | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 5/17/2013 3:41:35 AM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/19/2013 3:41:01 AM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/24/2013 3:44:29 AM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/17/2013 6:17:10 AM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/17/2013 6:54:29 PM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/17/2013 9:07:06 PM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/19/2013 3:42:47 AM | Computer Name = CAB-Desktop3 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 10/12/2012 6:41:07 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:43:50 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:43:50 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:45:01 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:45:23 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:45:29 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:46:19 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:47:15 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:47:24 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

Error - 10/12/2012 6:48:08 AM | Computer Name = CAB-Desktop3 | Source = HPSF.exe | ID = 4000
Description =

[ OSession Events ]
Error - 1/25/2011 11:01:28 AM | Computer Name = CAB-Desktop3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 315764
seconds with 5280 seconds of active time. This session ended with a crash.

Error - 1/18/2013 12:56:55 AM | Computer Name = CAB-Desktop3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226350
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/19/2013 7:19:31 PM | Computer Name = CAB-Desktop3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 469030
seconds with 12120 seconds of active time. This session ended with a crash.

Error - 3/19/2013 7:22:48 PM | Computer Name = CAB-Desktop3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 187
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/20/2013 6:06:03 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2820331).

Error - 6/21/2013 6:02:04 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).

Error - 6/21/2013 6:04:39 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2798162).

Error - 6/21/2013 6:04:39 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2820331).

Error - 6/21/2013 8:30:20 PM | Computer Name = CAB-Desktop3 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 6/22/2013 6:02:54 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).

Error - 6/22/2013 6:05:29 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2798162).

Error - 6/22/2013 6:05:29 AM | Computer Name = CAB-Desktop3 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2820331).

Error - 6/22/2013 10:48:01 PM | Computer Name = CAB-Desktop3 | Source = DCOM | ID = 10010
Description =

Error - 6/22/2013 11:57:27 PM | Computer Name = CAB-Desktop3 | Source = DCOM | ID = 10010
Description =

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

reply to CraigBos

It sounds like a false positive. One file moved to quarantine (or whatever Avast calls it) belongs to Spybot S&D. Also, the ESET online scan returned negative.

Let's check with a Kaspersky that is self booting...

The Kaspersky Rescue Disk is a bootable CD or USB based version of Kaspersky Antivirus.

You will find full instructions for download and use at the following links:

CD based: »support.kaspersky.com/faq/?qid=208282484

USB Based: »support.kaspersky.com/faq/?qid=208282163

Note: Please post the log (krd-log.txt) in your next reply
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


CraigBos

join:2009-01-18
San Diego, CA

I hope you're right about it being a false positive. I ran Kaspersky as best I could -- I had to hunt around with Google to figure out how to get a krd-log.txt.

Anyway, here is what got logged:

Objects Scan: completed 11 minutes ago (events: 2, objects: 951009, time: 01:50:28)
6/24/13 7:31 PM Task started
6/24/13 9:21 PM Task completed

Thanks for your help.

/cb



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

Let's test the FP theory.

Update Avast to ensure you have the latest definition.

Then restore the items that Avast moved to quarantine.

Finally, do a full system scan with Avast and post back here.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


CraigBos

join:2009-01-18
San Diego, CA

Hmm. I can't comply.

All of the Win32:Evo-gen [Susp] and Win32:BogEnt reports include lines that state Avast was unable to quarantine or delete the file.

Like this:

6/24/2013 12:23:00 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.

And this:

10/26/2011 12:41:17 AM C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe|>[Emul] [L] Win32:BogEnt [Susp] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process

Thus, there are no relevant items to restore from quarantine.

To your point, however, it is strange that the file system shield is getting hits on these files while the full system scan is not.

Here are the last couple of days' worth of File System Shield reports:

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Sunday, June 23, 2013 8:40:33 AM
*

6/24/2013 12:23:00 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:23:04 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:23:06 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:25:13 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:30:04 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Monday, June 24, 2013 6:16:38 PM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Monday, June 24, 2013 9:41:50 PM
*

6/25/2013 12:24:14 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:24:19 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU42E5.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:24:21 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAUE19C.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:26:36 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:30:06 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:35:21 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.

And here are the results of the last few full scans, including one I just did tonight:

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Nightly Scan
* Started on: Monday, June 24, 2013 3:00:01 AM
* VPS: 130623-2, 06/23/2013
*

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe|>$INSTDIR\\wtmui_fr\sounds\mystery.ogg|> [E] ARJ archive is corrupted. (42120)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\cce3413e-970c-4a71-8c00-6c078273746c-extr.exe|>$INSTDIR\\images\awards\trophy_played_all_boards.pnge|> [E] ARJ archive is corrupted. (42120)
C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe|>$INSTDIR\\media\hud\touxiang\7_alpha.png|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouKu\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}\HP Support Assistant.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\Windows\Installer\1064e2ce.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\Windows\Installer\25c763db.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Users\Carolyn Bosworth\Desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\Windows\Installer\28d4d45.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\images\launchProductPage.png|> [E] ARJ archive is corrupted. (42120)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
c:\users\carolyn bosworth\desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
Infected files: 0
Total files: 986415
Total folders: 41366
Total size: 174.0 GB

*
* Scan stopped: Monday, June 24, 2013 4:17:29 AM
* Run-time was 1 hour(s), 17 minute(s), 28 second(s)
*

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Nightly Scan
* Started on: Tuesday, June 25, 2013 3:00:00 AM
* VPS: 130624-2, 06/24/2013
*

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe|>$INSTDIR\\wtmui_fr\sounds\mystery.ogg|> [E] ARJ archive is corrupted. (42120)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\cce3413e-970c-4a71-8c00-6c078273746c-extr.exe|>$INSTDIR\\images\awards\trophy_played_all_boards.pnge|> [E] ARJ archive is corrupted. (42120)
C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe|>$INSTDIR\\media\hud\touxiang\7_alpha.png|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouKu\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}\HP Support Assistant.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\Windows\Installer\1064e2ce.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS008D5.log [E] The system cannot find the file specified (2)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS008D4.log [E] The system cannot find the file specified (2)
C:\Windows\Installer\25c763db.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Users\Carolyn Bosworth\Desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\Windows\Installer\28d4d45.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\images\launchProductPage.png|> [E] ARJ archive is corrupted. (42120)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
c:\users\carolyn bosworth\desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
Infected files: 0
Total files: 995023
Total folders: 41575
Total size: 173.5 GB

*
* Scan stopped: Tuesday, June 25, 2013 4:22:42 AM
* Run-time was 1 hour(s), 22 minute(s), 42 second(s)
*

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Nightly Scan
* Started on: Tuesday, June 25, 2013 6:07:52 PM
* VPS: 130625-1, 06/25/2013
*

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe|>$INSTDIR\\wtmui_fr\sounds\mystery.ogg|> [E] ARJ archive is corrupted. (42120)
C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\F6F2.tmp [E] The system cannot find the file specified (2)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\ProgramData\WildTangent\cce3413e-970c-4a71-8c00-6c078273746c-extr.exe|>$INSTDIR\\images\awards\trophy_played_all_boards.pnge|> [E] ARJ archive is corrupted. (42120)
C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe|>$INSTDIR\\media\hud\touxiang\7_alpha.png|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouKu\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\225B.tmp [E] The system cannot find the file specified (2)
C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}\HP Support Assistant.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\Windows\Installer\1064e2ce.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
C:\Windows\Installer\25c763db.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\226D.tmp [E] The system cannot find the file specified (2)
C:\Users\Carolyn Bosworth\Desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
C:\Windows\Installer\28d4d45.msp|>PCW_CAB_Family3|>_FC89ABF58FE5A9A8FF7E74A876C47675|> [E] ARJ archive is corrupted. (42120)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\images\launchProductPage.png|> [E] ARJ archive is corrupted. (42120)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
c:\users\carolyn bosworth\desktop\lws231_full.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
Infected files: 0
Total files: 995731
Total folders: 41722
Total size: 174.4 GB

*
* Scan stopped: Tuesday, June 25, 2013 7:24:11 PM
* Run-time was 1 hour(s), 16 minute(s), 19 second(s)
*

Thanks again for your help.

/cb


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

reply to CraigBos

Thanks for trying. I am really puzzled by the Avast behavior. Other AV checks (ESET, Kaspersky) are negative yet Avast persists.

Let's try a more specific detector.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You will find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


CraigBos

join:2009-01-18
San Diego, CA

Here's the log. Thanks again!

2013-06-26 18:44:39 Sophos Virus Removal Tool version 2.3
2013-06-26 18:44:39 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-06-26 18:44:39 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-26 18:44:39 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-06-26 18:44:39 Checking for updates...
2013-06-26 18:44:42 Update progress: proxy server not available
2013-06-26 18:44:46 Option all = no
2013-06-26 18:44:46 Option recurse = yes
2013-06-26 18:44:46 Option archive = no
2013-06-26 18:44:46 Option service = yes
2013-06-26 18:44:46 Option confirm = yes
2013-06-26 18:44:46 Option sxl = yes
2013-06-26 18:44:46 Option max-data-age = 35
2013-06-26 18:44:46 Component SVRTcli.exe version 2.3
2013-06-26 18:44:46 Component control.dll version 2.3
2013-06-26 18:44:46 Component SVRTservice.exe version 2.3
2013-06-26 18:44:46 Component engine\osdp.dll version 1.44.0.2091
2013-06-26 18:44:46 Component engine\veex.dll version 3.44.1.2091
2013-06-26 18:44:46 Component engine\savi.dll version 7.5.12.2091
2013-06-26 18:44:46 Component rkdisk.dll version 1.5.30.0
2013-06-26 18:44:46 Version info: Product version 2.3
2013-06-26 18:44:46 Version info: Detection engine 3.44.1
2013-06-26 18:44:46 Version info: Detection data 4.90
2013-06-26 18:44:46 Version info: Build date 6/13/2013
2013-06-26 18:44:46 Version info: Data files added 367
2013-06-26 18:44:46 Version info: Last successful update (not yet updated)
2013-06-26 18:46:44 Downloading updates...
2013-06-26 18:46:44 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-06-26 18:46:44 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-06-26 18:46:44 Update progress: [I49502] Found supplement IDE491 LATEST
2013-06-26 18:46:44 Update progress: [I49502] Found supplement IDE492 LATEST
2013-06-26 18:46:44 Update progress: [I49502] Found supplement IDE493 LATEST
2013-06-26 18:46:44 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-06-26 18:46:44 Update progress: [I19463] Syncing product SAVIW32 29
2013-06-26 18:46:50 Update progress: [I19463] Syncing product IDE491 181
2013-06-26 18:46:52 Installing updates...
2013-06-26 18:46:52 Update progress: [I19463] Syncing product IDE492 190
2013-06-26 18:46:52 Update progress: [I19463] Syncing product IDE493 1
2013-06-26 18:47:07 Update successful
2013-06-26 18:47:21 Option all = no
2013-06-26 18:47:21 Option recurse = yes
2013-06-26 18:47:21 Option archive = no
2013-06-26 18:47:21 Option service = yes
2013-06-26 18:47:21 Option confirm = yes
2013-06-26 18:47:21 Option sxl = yes
2013-06-26 18:47:21 Option max-data-age = 35
2013-06-26 18:47:21 Component SVRTcli.exe version 2.3
2013-06-26 18:47:21 Component control.dll version 2.3
2013-06-26 18:47:21 Component SVRTservice.exe version 2.3
2013-06-26 18:47:21 Component engine\osdp.dll version 1.44.0.2091
2013-06-26 18:47:21 Component engine\veex.dll version 3.44.1.2091
2013-06-26 18:47:21 Component engine\savi.dll version 7.5.12.2091
2013-06-26 18:47:21 Component rkdisk.dll version 1.5.30.0
2013-06-26 18:47:21 Version info: Product version 2.3
2013-06-26 18:47:21 Version info: Detection engine 3.44.1
2013-06-26 18:47:21 Version info: Detection data 4.90G
2013-06-26 18:47:21 Version info: Build date 6/13/2013
2013-06-26 18:47:21 Version info: Data files added 367
2013-06-26 18:47:21 Version info: Last successful update 6/26/2013 6:47:07 PM

2013-06-26 18:48:12 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-06-26 18:57:25 Could not open C:\hiberfil.sys
2013-06-26 18:57:30 Could not open C:\pagefile.sys
2013-06-26 19:08:37 Could not open C:\System Volume Information\{1357f457-dbb9-11e2-865e-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{1357f505-dbb9-11e2-865e-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{1357f537-dbb9-11e2-865e-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{23d5955d-d738-11e2-8bc7-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{23d595cf-d738-11e2-8bc7-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{23d59611-d738-11e2-8bc7-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{23d59699-d738-11e2-8bc7-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{23d5970b-d738-11e2-8bc7-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{5c42b0a4-dd51-11e2-855b-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{5c42b13e-dd51-11e2-855b-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{5c42b179-dd51-11e2-855b-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:08:37 Could not open C:\System Volume Information\{8bb4bbd3-d6f1-11e2-8326-d48564c171fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-26 19:10:45 Could not open C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Current Session
2013-06-26 19:10:45 Could not open C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2013-06-26 19:10:45 Could not open C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK
2013-06-26 19:10:46 Could not open C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
2013-06-26 19:10:46 Could not open C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
2013-06-26 19:15:10 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-06-26 19:15:10 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-06-26 19:30:46 Could not open LOGICAL:0005:00000000
2013-06-26 19:30:46 Could not open F:\
2013-06-26 19:30:46 Could not open LOGICAL:0006:00000000
2013-06-26 19:30:46 Could not open G:\
2013-06-26 19:30:46 Could not open LOGICAL:0007:00000000
2013-06-26 19:30:46 Could not open H:\
2013-06-26 19:30:46 Could not open LOGICAL:0008:00000000
2013-06-26 19:30:46 Could not open I:\
2013-06-26 19:30:46 Could not open PHYSICAL:0081:0000:0000:0001
2013-06-26 19:30:46 Could not open PHYSICAL:0082:0000:0000:0001
2013-06-26 19:30:46 Could not open PHYSICAL:0083:0000:0000:0001
2013-06-26 19:30:46 Could not open PHYSICAL:0084:0000:0000:0001


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

reply to CraigBos

Thanks, and I see Sophos was negative as well. I asked one of our other experts for his opinion, and here is a part of his comments:

"It looks like the detection is on a file it extracted from a .cab file, and the error is that Avast can't update the cab (similar to Winzip deleting a single file from an archive)."

I believe the best course of action at this time is to take this issue to the Avast forums and see what they suggest. There is nothing more here we can do since all the scans we make are returning negative. Be sure to give them a link to this forum.

Post back and let me know the result.

Note: We could unpack the offending .cab (7Zip will do this) and submit the files to Virustotal, but I would prefer to wait and see what the Avast forums return.

Finally, now would be a good time to clean up our mess so far. Instructions are in my next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
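
The comment quoted in the post above (the detection is on a file extracted from a .cab, and the errors come from Avast being unable to rewrite the archive) can be checked against the avast! reports posted earlier in this thread. The Python below is an added example, not part of any post: it separates `[L]` detections from `[E]` scan errors and groups the detections by flagged object, so repeated hits on copies of one embedded file collapse into a single item to extract and submit. The function names are hypothetical, and the sample lines are copied from the reports in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the avast! reports posted earlier in this thread.
SAMPLE = r"""
6/24/2013 12:23:00 AM C:\Users\Carolyn Bosworth\AppData\Local\Temp\SAU1F56.tmp|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:25:13 AM C:\Users\Carolyn Bosworth\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/24/2013 12:30:04 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
6/25/2013 12:30:06 AM C:\Windows\Installer\8679666d.msi|>Data1.cab|>zltvpp.dll [L] Win32:Evo-gen [Susp] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
10/26/2011 12:41:17 AM C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe|>[Emul] [L] Win32:BogEnt [Susp] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\Installer\1064e2ce.msi|>Data1.cab|>_7CA772718D20B855FF8478E3B8AAF102|> [E] ARJ archive is corrupted. (42120)
"""

# Record line: [timestamp ]<container chain joined by "|>"> [L|E] <text> (<code>)
RECORD = re.compile(
    r"^(?:(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) )?"
    r"(?P<chain>.+?) \[(?P<kind>[LE])\] (?P<text>.*) \((?P<code>\d+)\)$"
)
# Follow-up lines the shield writes when it cannot act on a detection.
ACTION = re.compile(
    r"^(?:While moving file to chest|During the file delete), "
    r"error occurred: (?P<reason>.+?)\.?$"
)


def parse_report(text):
    """Return one dict per [L] detection or [E] scan error, in file order."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):
            continue  # blank line or report banner
        m = RECORD.match(line)
        if m:
            # chain[0] is the file on disk; chain[-1] is the object flagged.
            chain = [part for part in m["chain"].split("|>") if part]
            records.append({"ts": m["ts"], "kind": m["kind"], "chain": chain,
                            "text": m["text"], "code": int(m["code"]),
                            "action_errors": []})
            continue
        a = ACTION.match(line)
        if a and records and records[-1]["kind"] == "L":
            records[-1]["action_errors"].append(a["reason"])
    return records


def group_detections(records):
    """Group [L] detections by (signature, flagged object as written in the log)."""
    groups = defaultdict(lambda: {"containers": set(), "hits": 0, "reasons": set()})
    for r in records:
        if r["kind"] != "L":
            continue
        g = groups[(r["text"], r["chain"][-1])]
        g["containers"].add(r["chain"][0])
        g["hits"] += 1
        g["reasons"].update(r["action_errors"])
    return dict(groups)


def scan_errors(records):
    """[E] lines are files the scanner could not read, not detections."""
    return [r for r in records if r["kind"] == "E"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for (sig, obj), g in group_detections(recs).items():
        print(f"{sig}  object={obj}  hits={g['hits']}  containers={len(g['containers'])}")
        for reason in sorted(g["reasons"]):
            print(f"    could not quarantine/delete: {reason}")
    print(f"{len(scan_errors(recs))} [E] scan errors (unreadable files, not detections)")
```
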



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

reply to CraigBos

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete AdwCleaner:
  • Double click the AdwCleaner icon on your Desktop
  • Press the 'Uninstall' button

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL Cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum