Subsystem Error "Image type not supported"

Inactive
By wisenblaker
Jul 17, 2013
  1. I keep getting an error trying to open almost all programs on my Lenovo running Windows 7. I created a thread in the Windows section and was told to try here as well. I installed a Windows update about two weeks ago and became stuck in a startup loop that I thought I solved with a restore from a backup. However, I discovered the above error after attempting to open almost any program besides Word and Excel and such. I think it may be a malware issue and I would love any help that could be given. Thanks!
  2. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  3. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    Hey there Broni, I followed another one of your posts similar to this up to the FRST.txt and realized it was going to be computer specific. Here is the Addition:

    ADDITION:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
    Ran by Collin at 2013-07-17 20:59:36
    Running from C:\Users\Collin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================


    64 Bit HP CIO Components Installer (Version: 7.2.8)
    Akamai NetSession Interface (HKCU)
    Apple Mobile Device Support (Version: 6.1.0.13)
    AutoCAD 2013 - English (Version: 19.0.114.0)
    AutoCAD 2013 - English (Version: 19.0.55.0)
    AutoCAD 2013 - English SP1.1 (Version: 1)
    AutoCAD 2013 Language Pack - English (Version: 19.0.55.0)
    Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
    Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
    Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
    Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
    Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230)
    Autodesk Simulation Multiphysics 2012 (Version: 2012.00.00.0163)
    Autodesk Sync (Version: 3.5.102.0)
    Bonjour (Version: 3.0.0.10)
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    DWG TrueView 2013 (Version: 19.0.55.0)
    hematica Extras 9.0 (4092550) (Version: 9.0.1)
    HP Customer Participation Program 13.0 (Version: 13.0)
    HP Deskjet 3050A J611 series Basic Device Software (Version: 23.0.504.0)
    HP Deskjet 3510 series Basic Device Software (Version: 28.0.989.0)
    HP Imaging Device Functions 13.0 (Version: 13.0)
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
    HP Smart Web Printing 4.51 (Version: 4.51)
    HP Solution Center 13.0 (Version: 13.0)
    iCloud (Version: 2.1.2.8)
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 15.0.0.0059)
    Intel(R) Wireless Display
    Intel(R) Wireless Music device driver (Version: 1.5.5323.0)
    Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
    Intel® Trusted Connect Service Client (Version: 1.23.605.1)
    iTunes (Version: 11.0.4.4)
    Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50)
    LEGO MINDSTORMS NXT x64 Driver (Version: 1.20.115.0)
    Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2300)
    Lenovo OneKey Recovery (Version: 7.0.0.3712)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
    MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000)
    Network64 (Version: 130.0.572.000)
    Network64 (Version: 140.0.221.000)
    NI Assistant Framework 64-bit (Version: 7.5.127.0)
    NI Authentication 2.0 (64-bit) (Version: 2.0.220.0)
    NI Curl 1.1 (64-bit) (Version: 1.1.216.0)
    NI DataSocket 4.9 (64-bit) (Version: 4.9.217.0)
    NI GMP Windows 64-bit Installer 11.0.0 (Version: 11.0.22.0)
    NI Help Assistant (64bit) (Version: 1.0.11)
    NI LabVIEW Broker (64 bit) (Version: 6.8.10.0)
    NI Logos64 5.3.0 (Version: 5.3.223.0)
    NI Logos64 XT Support (Version: 5.3.222.0)
    NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0)
    NI Math Kernel Libraries (64-bit) (Version: 1.0.5.0)
    NI MAX Remote Configuration 64-bit Installer 5.0 (Version: 5.00.49153)
    NI MAX Support for 64 Bit Windows (Version: 5.00.49153)
    NI mDNS Responder 1.6 for Windows 64-bit (Version: 1.60.49155)
    NI MXS 5.0.0 for 64 Bit Windows (Version: 5.00.49153)
    NI Network Discovery 5.0 for Windows 64-bit (Version: 5.00.49152)
    NI Portable Configuration for 64 Bit Windows 5.0.0 (Version: 5.00.49152)
    NI SSL Support (64-bit) (Version: 10.0.297.0)
    NI System API Windows 64-bit 5.0.0 (Version: 5.0.312.0)
    NI System Configuration Runtime 5.0.0 for Windows 64-bit (Version: 5.0.361.0)
    NI System State Publisher (64-bit) (Version: 11.0.306.0)
    NI System Web Server Base 2.0 (64-bit) (Version: 2.0.215.0)
    NI TDM Excel Add-In 3.3 64-bit (Version: 3.3.28.0)
    NI TDMS (64-bit) (Version: 2.3.175.0)
    NI Trace Engine (64-bit) (Version: 11.0.213.0)
    NI USI 1.9.0 64-Bit (Version: 1.9.04551)
    NI Variable Engine (64-bit) (Version: 2.5.242.0)
    NI VC2005MSMs x64 (Version: 8.04.0)
    NI VC2008MSMs x64 (Version: 9.0.301)
    NI Web Application Server 2.0 (64-bit) (Version: 1.1.269.0)
    NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0)
    NI Xalan Delay Load 1.10.1 64-bit (Version: 1.10.47.0)
    NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0)
    NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5 (Version: 1.95.49152)
    NI-RPC 4.2.2f0 for 64 Bit Windows (Version: 4.22.49152)
    NVIDIA Control Panel 306.97 (Version: 306.97)
    NVIDIA Graphics Driver 306.97 (Version: 306.97)
    NVIDIA Install Application (Version: 2.1002.85.551)
    NVIDIA Optimus 1.10.8 (Version: 1.10.8)
    NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
    NVIDIA Update 1.10.8 (Version: 1.10.8)
    NVIDIA Update Components (Version: 1.10.8)
    OCR Software by I.R.I.S. 13.0 (Version: 13.0)
    Python 2.7.3 (64-bit) (Version: 2.7.3150)
    Shared C Run-time for x64 (Version: 10.0.0)
    Shop for HP Supplies (Version: 13.0)
    SolidWorks 2012 x64 Edition SP02 (Version: 20.120.55)
    SolidWorks eDrawings 2012 x64 Edition SP02 (Version: 12.2.110)
    Synaptics Pointing Device Driver (Version: 15.3.38.0)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    VmciSockets (Version: 9.1.54.1)
    Windows Live Family Safety (Version: 15.4.3502.0922)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Language Selector (Version: 15.4.3508.1109)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)

    ==================== Restore Points =========================

    04-07-2013 05:00:00 Scheduled Checkpoint
    13-07-2013 07:12:38 Windows Update
    13-07-2013 11:29:34 Windows Update
    14-07-2013 04:15:25 Windows Update
    14-07-2013 04:34:41 Windows Update
    17-07-2013 17:36:33 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2012-12-09 03:36 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {01115868-8140-456C-9506-FA2372334D1F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
    Task: {116458B3-344C-4AFE-9C6F-C49D26ABE773} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {13F04D83-F3A5-4581-A4B6-A767B5DAD7B7} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe No File
    Task: {1B2719E7-97D7-4548-8BA8-21ED6DD2CCB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3976F64D-06FE-4D98-8AE8-0418DB39EB41} - System32\Tasks\AdobeAAMUpdater-1.0-Collin-PC-Collin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {3BE091D5-4B7F-4607-87C1-49ADF67DC84E} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
    Task: {533F15A3-9C09-4D97-AFBB-F530C8B5C379} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
    Task: {803082DF-7689-46D6-99C2-BE65686D34E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
    Task: {80B2920C-8FC2-4545-9408-F17D9FD92A08} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2011-06-07] (National Instruments)
    Task: {E009B097-8A77-409A-9F44-D931860E89B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Officejet 6300 series
    Description: Officejet 6300 series
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Officejet 6300 series
    Description: Officejet 6300 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.MapPI> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in manager <> cannot be initialized.

    Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in manager <> cannot be initialized.

    Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in manager <> cannot be initialized.

    Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:57:43 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


    System errors:
    =============
    Error: (07/17/2013 08:58:22 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 26 time(s).

    Error: (07/17/2013 08:58:22 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147218170.

    Error: (07/17/2013 08:57:43 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 25 time(s).

    Error: (07/17/2013 08:57:43 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147218170.

    Error: (07/17/2013 08:02:01 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 24 time(s).

    Error: (07/17/2013 08:02:01 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147218170.

    Error: (07/17/2013 08:00:01 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 23 time(s).

    Error: (07/17/2013 08:00:01 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147218170.

    Error: (07/17/2013 07:34:01 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
    Description: 0x8000002a171\??\Volume{9eee80c7-aee5-11e1-88fc-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{40BF05FC-90EA-4E04-A833-370C757C1EA3}

    Error: (07/17/2013 07:09:29 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 22 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
    Search.TripoliIndexer

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
    Search.JetPropStore

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
    Search.MapPI

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:58:22 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    (HRESULT : 0x800401f3) (0x800401f3)

    Error: (07/17/2013 08:57:43 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


    CodeIntegrity Errors:
    ===================================
    Date: 2013-05-28 18:18:59.685
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-31 23:51:41.614
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-31 23:51:41.288
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-01 18:22:09.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-01 18:22:09.734
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-01 18:21:41.120
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-03-01 18:21:40.862
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-26 21:20:36.478
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-26 21:20:36.376
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

    Date: 2012-10-15 14:47:49.728
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 8094.36 MB
    Available physical RAM: 6289.41 MB
    Total Pagefile: 16186.89 MB
    Available Pagefile: 13877.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:886.32 GB) (Free:660.81 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.68 GB) NTFS (Disk=0 Partition=3)
    Drive e: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.16 GB) FAT32 (Disk=1 Partition=1)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3B8DB40F)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=20 GB) - (Type=12)

    ========================================================
    Disk: 1 (Size: 15 GB) (Disk ID: 04030201)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

    ==================== End Of Log ============================
  4. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    And FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
    Ran by Collin (administrator) on 17-07-2013 20:57:54
    Running from C:\Users\Collin\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    (Lenovo) C:\Windows\System32\NSDSvc.exe
    (Quest Software) C:\Windows\system32\pnusbvirtualhubwssrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Intel Corporation) C:\Windows\system32\igfxpers.exe
    (Intel Corporation) C:\Windows\system32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
    (McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)
    HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
    HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-05] (Lenovo)
    HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-05] (Lenovo)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKCU\...\Run: [ooVoo.exe] - C:\program files (x86)\oovoo\oovoo.exe [25249400 2012-05-29] (ooVoo LLC)
    HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
    HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
    HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\I-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
    HKCU\...\Run: [AdobeBridge] - [x]
    HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
    HKLM-x32\...\Run: [vmware-tray] - "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-01-18] (VMware, Inc.)
    HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-05] (Lenovo)
    HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-11] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
    HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
    HKLM-x32\...\Run: [Intelligent Touchpad] - C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
    HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-01] ()
    HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [NI Update Service] - "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask [3002976 2011-06-07] (National Instruments)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
    HKLM-x32\...\Run: [pnusbclitray] - pnusbclitray.exe [67480 2012-06-09] (Quest Software)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
    HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA [x]
    HKU\UpdatusUser\...\Run: [ooVoo.exe] - C:\program files (x86)\oovoo\oovoo.exe /minimized [25249400 2012-05-29] (ooVoo LLC)
    HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] - "C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
    HKU\UpdatusUser\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 [846520 2010-06-21] ()
    HKU\UpdatusUser\...\Run: [iFunBoxConnector] - "C:\Program Files (x86)\I-Funbox DevTeam\ifb_conn.exe" [812544 2012-11-20] ()
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-02] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-02] (NVIDIA Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

    ==================== Internet (Whitelisted) ====================

    URLSearchHook: (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
    URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130713062807.dll (McAfee, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Plugin Update - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Plugin Update\uc.dll ()
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130305164023.dll (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
    Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
    Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
    Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
    Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
    Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
    Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default
    FF user.js: detected! => C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default\user.js
    FF SelectedSearchEngine: Search the web (Babylon)
    FF Homepage: hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF Extension: No Name - C:\Users\Collin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    FF Extension: BitTorrentControl_v12 - C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [uc@uc.com] C:\Program Files (x86)\Plugin Update\FF\
    FF Extension: No Name - C:\Program Files (x86)\Plugin Update\FF\

    Chrome:
    =======
    CHR HomePage: hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll (McAfee, Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (National Instruments LabVIEW 2011 Netscape Plug-in for Windows) - C:\Program Files (x86)\Mozilla Firefox\plugins\nplv2011win32.dll (National Instruments)
    CHR Plugin: (National Instruments LabVIEW 9.0 Netscape Plug-in for Windows) - C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll (National Instruments)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (BitTorrentControl_v12) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0
    CHR Extension: (Mahjongg) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0
    CHR Extension: () - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
    CHR Extension: (Ancient Dark) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkfcefhebalbhjgphdocdieolkkgffo\1.1_0
    CHR Extension: () - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0
    CHR Extension: (Apple Shooter) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0
    CHR Extension: (Chrome Sounds) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfibincabhfblmkmhcabnlghmncdcaf\1.1_0
    CHR Extension: (Strike Force Heroes HD) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefnkbjjknfeplogkgdnnljnmobhgmnh\1.0.1_0
    CHR Extension: (Happy Wheels) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0
    CHR Extension: (Hack me!) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljpmlpgnjljcjikoimdifbklgebnpkej\6.0_0
    CHR Extension: (Google I/O: input/output) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh\1.3.3.7_0
    CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
    CHR Extension: (Battlefield Play4Free) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0

    ==================== Services (Whitelisted) =================

    S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
    S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
    S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
    S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
    S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-05-27] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-05-27] (National Instruments Corporation)
    S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
    S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
    S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
    S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-06-10] (National Instruments Corporation)
    S2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-05-27] (National Instruments Corporation)
    S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676016 2011-06-14] (National Instruments Corporation)
    R2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-04-15] ()
    R2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [473600 2013-03-03] (Quest Software)
    S2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [736648 2012-07-12] (US Tech Support LLC)
    S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
    R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
    R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
    R2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [51736 2013-03-03] (Quest Software)
    S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [37272 2013-03-03] (Quest Software)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
    U3 BcmSqlStartupSvc;
    U2 CLKMSVC10_3A60B698;
    U2 CLKMSVC10_C3B3B687;
    U2 DriverService;
    U2 iATAgentService;
    U2 idealife Update Service;
    U3 IGRS;
    U2 IviRegMgr;
    U3 mfeavfk01; No ImagePath
    U2 Oasis2Service;
    U2 PCCarerService;
    U2 ReadyComm.DirectRouter;
    U2 RichVideo;
    U2 RtLedService;
    U2 SeaPort;
    U2 SoftwareService;
    U3 SQLWriter;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-17 20:57 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\Collin\Desktop\frst64.exe
    2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\FRST
    2013-07-17 12:39 - 2013-07-17 12:40 - 00000000 ____D C:\Windows\system32\MRT
    2013-07-13 19:42 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-13 19:42 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-07-13 02:21 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-07-13 02:21 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-13 02:21 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-07-13 02:21 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-06-29 14:28 - 2013-06-29 14:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscat32.dll
    2013-06-29 14:26 - 2013-06-29 14:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2013-06-29 13:17 - 2013-06-08 09:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-06-29 13:17 - 2013-06-08 09:07 - 19233792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 02648064 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-06-29 13:17 - 2013-06-08 07:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-06-29 13:17 - 2013-06-08 06:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-29 13:17 - 2013-06-08 06:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    ==================== One Month Modified Files and Folders =======

    2013-07-17 20:57 - 2012-06-21 19:16 - 01789019 _____ C:\FaceProv.log
    2013-07-17 20:29 - 2012-09-05 18:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-17 20:15 - 2012-06-05 03:59 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-07-17 18:56 - 2012-06-05 03:11 - 01957893 _____ C:\Windows\WindowsUpdate.log
    2013-07-17 18:52 - 2012-06-05 04:00 - 00584542 _____ C:\Windows\system32\fastboot.set
    2013-07-17 18:52 - 2012-06-05 03:59 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\FRST
    2013-07-17 14:40 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-17 14:40 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-17 14:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-17 14:33 - 2009-07-13 23:51 - 00086096 _____ C:\Windows\setupact.log
    2013-07-17 13:30 - 2013-07-17 20:57 - 01778209 _____ (Farbar) C:\Users\Collin\Desktop\frst64.exe
    2013-07-17 12:55 - 2009-07-13 23:45 - 05167856 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-07-17 12:52 - 2011-10-10 03:19 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-17 12:40 - 2013-07-17 12:39 - 00000000 ____D C:\Windows\system32\MRT
    2013-07-13 23:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-07-13 23:11 - 2012-11-04 15:08 - 00001728 _____ C:\Users\Collin\Documents\acad.err
    2013-07-13 06:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-13 06:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-06-29 14:28 - 2013-06-29 14:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscat32.dll
    2013-06-29 14:26 - 2013-06-29 14:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2013-06-29 14:18 - 2012-06-05 03:25 - 00000000 ____D C:\Windows\SysWOW64\SDA
    2013-06-29 14:18 - 2012-06-05 03:25 - 00000000 ____D C:\Program Files (x86)\LockKey
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
    2013-06-29 14:17 - 2012-06-05 03:59 - 00000000 ____D C:\ProgramData\VeriFace
    2013-06-29 14:17 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-06-29 14:16 - 2013-06-08 00:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-29 14:16 - 2013-04-16 20:37 - 00000000 ____D C:\Users\Collin\Downloads\photoshop
    2013-06-29 14:16 - 2013-04-15 14:47 - 00000000 ____D C:\Users\Collin\Downloads\jtk374en
    2013-06-29 14:16 - 2013-03-18 13:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-29 14:16 - 2012-12-07 02:44 - 00000000 ____D C:\Python27
    2013-06-29 14:16 - 2012-11-12 23:15 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 3
    2013-06-29 14:16 - 2012-11-04 14:38 - 00000000 ____D C:\Users\Collin\AppData\Local\Akamai
    2013-06-29 14:16 - 2012-10-26 14:00 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2013-06-29 14:16 - 2012-09-05 18:56 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-06-29 14:16 - 2012-09-04 04:45 - 00000000 ____D C:\Windows\Minidump
    2013-06-29 14:16 - 2012-09-04 00:20 - 00000000 ____D C:\Users\Collin\AppData\Roaming\VMware
    2013-06-29 14:16 - 2012-09-03 19:06 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2013-06-29 14:16 - 2012-09-03 19:05 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-29 14:16 - 2012-07-18 22:48 - 00000000 ____D C:\Users\Collin\Desktop\eclipse
    2013-06-29 14:16 - 2012-06-27 23:13 - 00000000 ____D C:\Users\Collin\Desktop\Stronghold Crusader
    2013-06-29 14:16 - 2012-06-27 23:07 - 00000000 ____D C:\ProgramData\Energy Management
    2013-06-29 14:16 - 2012-06-22 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2013-06-29 14:16 - 2012-06-21 20:30 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2013-06-29 14:16 - 2012-06-21 20:27 - 00000000 ____D C:\Users\Collin\AppData\Local\Microsoft Help
    2013-06-29 14:16 - 2012-06-21 19:18 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2013-06-29 14:16 - 2012-06-05 03:54 - 00000000 ____D C:\ProgramData\McAfee
    2013-06-29 14:16 - 2012-06-05 03:25 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
    2013-06-29 14:16 - 2012-06-05 03:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-06-29 14:16 - 2011-10-10 03:19 - 00000000 ____D C:\Windows\ShellNew
    2013-06-29 14:16 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
    2013-06-29 14:16 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
    2013-06-29 14:15 - 2013-06-08 00:21 - 00000000 ____D C:\Program Files\iTunes
    2013-06-29 14:15 - 2013-06-08 00:21 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-29 14:15 - 2013-06-05 10:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-06-29 14:15 - 2013-03-18 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-06-29 14:15 - 2013-02-09 00:04 - 00000000 ____D C:\Program Files (x86)\Plugin Update
    2013-06-29 14:15 - 2013-02-04 22:08 - 00000000 ____D C:\Program Files (x86)\I-Funbox DevTeam
    2013-06-29 14:15 - 2013-01-14 15:26 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
    2013-06-29 14:15 - 2012-11-04 14:44 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013
    2013-06-29 14:15 - 2012-10-12 14:33 - 00000000 ____D C:\Program Files (x86)\RASAero
    2013-06-29 14:15 - 2012-09-05 18:39 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2013-06-29 14:15 - 2012-08-28 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-06-29 14:15 - 2012-08-28 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-06-29 14:15 - 2012-06-22 21:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2013-06-29 14:15 - 2012-06-22 21:27 - 00000000 ____D C:\Program Files\Bonjour
    2013-06-29 14:15 - 2012-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-06-29 14:15 - 2012-06-21 20:30 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2013-06-29 14:15 - 2012-06-05 03:55 - 00000000 ____D C:\Program Files (x86)\ooVoo
    2013-06-29 14:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
    2013-06-29 14:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2013-06-29 13:56 - 2012-09-03 23:48 - 00000000 ____D C:\ProgramData\VMware
    2013-06-29 13:54 - 2012-07-15 13:36 - 00000000 ____D C:\Program Files\McAfee
    2013-06-29 11:32 - 2012-06-21 19:18 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-06-29 11:32 - 2012-06-21 19:16 - 00000000 ____D C:\Users\Collin
    2013-06-24 00:57 - 2012-06-30 18:01 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-06-22 02:00 - 2012-08-28 20:14 - 00000000 ____D C:\Users\Collin\AppData\Local\Adobe
    2013-06-21 19:48 - 2012-06-05 03:59 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-07-13 07:11

    ==================== End Of Log ============================
  5. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    Sorry... I didn't realize it was posting when I hit the post because I didn't see it edit... that's why there's all the periods
  6. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Any reason you posted FRST log 6 or 7 times?

    It looks like we have one 32-bit system file missing:

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    svchost.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
  7. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    Sorry about that, I couldn't tell it was posting it :/

    Here's the search:

    Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
    Ran by Collin at 2013-07-17 21:18:29
    Running from C:\Users\Collin\Desktop
    Boot Mode: Normal

    ================== Search: "svchost.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
    [2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

    C:\Windows\System32\svchost.exe
    [2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

    ====== End Of Search ======
  8. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    There is no backup for that file.
    Let me fire up my Win 7.
    Hold on...
  9. Broni

    Broni Malware Annihilator Posts: 46,339   +252

  10. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    OK, so I restarted my computer and it tried to do an automatic Windows update but failed and said it was reverting changes. Then it came up normal like it has been, but still no luck with opening other programs.
  11. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    One of my rules says:
    Please comply.

    Same error as before?
    What programs?
    Any program?

    Post fresh FRST log.
     
  12. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    I don't know how to stop the automatic updates... is there a way to turn those off?
    And same error as before with any program.
  13. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
    Ran by Collin (administrator) on 18-07-2013 19:17:45
    Running from C:\Users\Collin\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    (Lenovo) C:\Windows\System32\NSDSvc.exe
    (Quest Software) C:\Windows\system32\pnusbvirtualhubwssrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Intel Corporation) C:\Windows\system32\igfxpers.exe
    (Intel Corporation) C:\Windows\system32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)
    HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
    HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-05] (Lenovo)
    HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-05] (Lenovo)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKCU\...\Run: [ooVoo.exe] - C:\program files (x86)\oovoo\oovoo.exe [25249400 2012-05-29] (ooVoo LLC)
    HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
    HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
    HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\I-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
    HKCU\...\Run: [AdobeBridge] - [x]
    HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
    HKLM-x32\...\Run: [vmware-tray] - "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-01-18] (VMware, Inc.)
    HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-05] (Lenovo)
    HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-11] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
    HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
    HKLM-x32\...\Run: [Intelligent Touchpad] - C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
    HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-01] ()
    HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [NI Update Service] - "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask [3002976 2011-06-07] (National Instruments)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
    HKLM-x32\...\Run: [pnusbclitray] - pnusbclitray.exe [67480 2012-06-09] (Quest Software)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
    HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA [x]
    HKU\UpdatusUser\...\Run: [ooVoo.exe] - C:\program files (x86)\oovoo\oovoo.exe /minimized [25249400 2012-05-29] (ooVoo LLC)
    HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] - "C:\Users\Collin\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
    HKU\UpdatusUser\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 [846520 2010-06-21] ()
    HKU\UpdatusUser\...\Run: [iFunBoxConnector] - "C:\Program Files (x86)\I-Funbox DevTeam\ifb_conn.exe" [812544 2012-11-20] ()
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-02] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-02] (NVIDIA Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

    ==================== Internet (Whitelisted) ====================

    URLSearchHook: (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
    URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={sear...SP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Plugin Update - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Plugin Update\uc.dll ()
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
    Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
    Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
    Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
    Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
    Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
    Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default
    FF user.js: detected! => C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default\user.js
    FF SelectedSearchEngine: Search the web (Babylon)
    FF Homepage: hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF Extension: No Name - C:\Users\Collin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    FF Extension: BitTorrentControl_v12 - C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\p7zshopm.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [uc@uc.com] C:\Program Files (x86)\Plugin Update\FF\
    FF Extension: No Name - C:\Program Files (x86)\Plugin Update\FF\

    Chrome:
    =======
    CHR HomePage: hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28
    CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116223&tt=4612_6&babsrc=HP_ss&mntrId=e075f4fe000000000000dc0ea1f3fb28"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll (McAfee, Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (National Instruments LabVIEW 2011 Netscape Plug-in for Windows) - C:\Program Files (x86)\Mozilla Firefox\plugins\nplv2011win32.dll (National Instruments)
    CHR Plugin: (National Instruments LabVIEW 9.0 Netscape Plug-in for Windows) - C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll (National Instruments)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (BitTorrentControl_v12) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0
    CHR Extension: (Mahjongg) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0
    CHR Extension: () - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
    CHR Extension: (Ancient Dark) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkfcefhebalbhjgphdocdieolkkgffo\1.1_0
    CHR Extension: () - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0
    CHR Extension: (Apple Shooter) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0
    CHR Extension: (Chrome Sounds) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfibincabhfblmkmhcabnlghmncdcaf\1.1_0
    CHR Extension: (Strike Force Heroes HD) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefnkbjjknfeplogkgdnnljnmobhgmnh\1.0.1_0
    CHR Extension: (Happy Wheels) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0
    CHR Extension: (Hack me!) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljpmlpgnjljcjikoimdifbklgebnpkej\6.0_0
    CHR Extension: (Google I/O: input/output) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh\1.3.3.7_0
    CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
    CHR Extension: (Battlefield Play4Free) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0

    ==================== Services (Whitelisted) =================

    S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
    S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
    S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
    S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
    S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-05-27] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-05-27] (National Instruments Corporation)
    S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
    S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
    S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
    S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-06-10] (National Instruments Corporation)
    S2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-05-27] (National Instruments Corporation)
    S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676016 2011-06-14] (National Instruments Corporation)
    R2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-04-15] ()
    R2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [473600 2013-03-03] (Quest Software)
    S2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [736648 2012-07-12] (US Tech Support LLC)
    S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
    R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
    R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
    R2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [51736 2013-03-03] (Quest Software)
    S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [37272 2013-03-03] (Quest Software)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
    U3 BcmSqlStartupSvc;
    U2 CLKMSVC10_3A60B698;
    U2 CLKMSVC10_C3B3B687;
    U2 DriverService;
    U2 iATAgentService;
    U2 idealife Update Service;
    U3 IGRS;
    U2 IviRegMgr;
    U3 mfeavfk01; No ImagePath
    U2 Oasis2Service;
    U2 PCCarerService;
    U2 ReadyComm.DirectRouter;
    U2 RichVideo;
    U2 RtLedService;
    U2 SeaPort;
    U2 SoftwareService;
    U3 SQLWriter;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-18 09:06 - 2013-07-18 09:05 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    2013-07-17 21:18 - 2013-07-17 21:19 - 00000635 _____ C:\Users\Collin\Desktop\Search.txt
    2013-07-17 20:59 - 2013-07-17 20:59 - 00023444 _____ C:\Users\Collin\Desktop\Addition.txt
    2013-07-17 20:57 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\Collin\Desktop\frst64.exe
    2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\FRST
    2013-07-17 12:39 - 2013-07-17 12:40 - 00000000 ____D C:\Windows\system32\MRT
    2013-07-13 19:42 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-13 19:42 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-07-13 02:21 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-07-13 02:21 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-13 02:21 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-07-13 02:21 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-06-29 14:28 - 2013-06-29 14:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscat32.dll
    2013-06-29 14:26 - 2013-06-29 14:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2013-06-29 13:17 - 2013-06-08 09:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-06-29 13:17 - 2013-06-08 09:07 - 19233792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 02648064 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-06-29 13:17 - 2013-06-08 09:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-06-29 13:17 - 2013-06-08 07:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-06-29 13:17 - 2013-06-08 06:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-29 13:17 - 2013-06-08 06:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-29 13:17 - 2013-06-08 06:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    ==================== One Month Modified Files and Folders =======

    2013-07-18 19:17 - 2012-06-21 19:16 - 01796128 _____ C:\FaceProv.log
    2013-07-18 19:15 - 2012-06-05 03:59 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-07-18 19:04 - 2012-09-05 18:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-18 09:29 - 2012-06-05 03:11 - 01173252 _____ C:\Windows\WindowsUpdate.log
    2013-07-18 09:26 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-18 09:26 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-18 09:24 - 2012-06-05 04:00 - 00971760 _____ C:\Windows\system32\fastboot.set
    2013-07-18 09:24 - 2012-06-05 03:59 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-07-18 09:19 - 2011-10-10 03:19 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-18 09:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-18 09:18 - 2009-07-13 23:51 - 00086264 _____ C:\Windows\setupact.log
    2013-07-18 09:18 - 2009-07-13 23:45 - 05167856 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-07-18 09:05 - 2013-07-18 09:06 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    2013-07-17 21:19 - 2013-07-17 21:18 - 00000635 _____ C:\Users\Collin\Desktop\Search.txt
    2013-07-17 20:59 - 2013-07-17 20:59 - 00023444 _____ C:\Users\Collin\Desktop\Addition.txt
    2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\FRST
    2013-07-17 13:30 - 2013-07-17 20:57 - 01778209 _____ (Farbar) C:\Users\Collin\Desktop\frst64.exe
    2013-07-17 12:40 - 2013-07-17 12:39 - 00000000 ____D C:\Windows\system32\MRT
    2013-07-13 23:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-07-13 23:11 - 2012-11-04 15:08 - 00001728 _____ C:\Users\Collin\Documents\acad.err
    2013-07-13 06:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-13 06:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-06-29 14:28 - 2013-06-29 14:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscat32.dll
    2013-06-29 14:26 - 2013-06-29 14:26 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2013-06-29 14:18 - 2012-06-05 03:25 - 00000000 ____D C:\Windows\SysWOW64\SDA
    2013-06-29 14:18 - 2012-06-05 03:25 - 00000000 ____D C:\Program Files (x86)\LockKey
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
    2013-06-29 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
    2013-06-29 14:17 - 2012-06-05 03:59 - 00000000 ____D C:\ProgramData\VeriFace
    2013-06-29 14:17 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
    2013-06-29 14:17 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-06-29 14:16 - 2013-06-08 00:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-29 14:16 - 2013-04-16 20:37 - 00000000 ____D C:\Users\Collin\Downloads\photoshop
    2013-06-29 14:16 - 2013-04-15 14:47 - 00000000 ____D C:\Users\Collin\Downloads\jtk374en
    2013-06-29 14:16 - 2013-03-18 13:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-06-29 14:16 - 2012-12-07 02:44 - 00000000 ____D C:\Python27
    2013-06-29 14:16 - 2012-11-12 23:15 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 3
    2013-06-29 14:16 - 2012-11-04 14:38 - 00000000 ____D C:\Users\Collin\AppData\Local\Akamai
    2013-06-29 14:16 - 2012-10-26 14:00 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2013-06-29 14:16 - 2012-09-05 18:56 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-06-29 14:16 - 2012-09-04 04:45 - 00000000 ____D C:\Windows\Minidump
    2013-06-29 14:16 - 2012-09-04 00:20 - 00000000 ____D C:\Users\Collin\AppData\Roaming\VMware
    2013-06-29 14:16 - 2012-09-03 19:06 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2013-06-29 14:16 - 2012-09-03 19:05 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-29 14:16 - 2012-07-18 22:48 - 00000000 ____D C:\Users\Collin\Desktop\eclipse
    2013-06-29 14:16 - 2012-06-27 23:13 - 00000000 ____D C:\Users\Collin\Desktop\Stronghold Crusader
    2013-06-29 14:16 - 2012-06-27 23:07 - 00000000 ____D C:\ProgramData\Energy Management
    2013-06-29 14:16 - 2012-06-22 21:28 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2013-06-29 14:16 - 2012-06-21 20:30 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2013-06-29 14:16 - 2012-06-21 20:27 - 00000000 ____D C:\Users\Collin\AppData\Local\Microsoft Help
    2013-06-29 14:16 - 2012-06-21 19:18 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-06-29 14:16 - 2012-06-21 19:16 - 00000000 ____D C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2013-06-29 14:16 - 2012-06-05 03:54 - 00000000 ____D C:\ProgramData\McAfee
    2013-06-29 14:16 - 2012-06-05 03:25 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
    2013-06-29 14:16 - 2012-06-05 03:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-06-29 14:16 - 2011-10-10 03:19 - 00000000 ____D C:\Windows\ShellNew
    2013-06-29 14:16 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
    2013-06-29 14:16 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
    2013-06-29 14:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
    2013-06-29 14:15 - 2013-06-08 00:21 - 00000000 ____D C:\Program Files\iTunes
    2013-06-29 14:15 - 2013-06-08 00:21 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-29 14:15 - 2013-06-05 10:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-06-29 14:15 - 2013-03-18 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-06-29 14:15 - 2013-02-09 00:04 - 00000000 ____D C:\Program Files (x86)\Plugin Update
    2013-06-29 14:15 - 2013-02-04 22:08 - 00000000 ____D C:\Program Files (x86)\I-Funbox DevTeam
    2013-06-29 14:15 - 2013-01-14 15:26 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
    2013-06-29 14:15 - 2012-11-04 14:44 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2013
    2013-06-29 14:15 - 2012-10-12 14:33 - 00000000 ____D C:\Program Files (x86)\RASAero
    2013-06-29 14:15 - 2012-09-05 18:39 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2013-06-29 14:15 - 2012-08-28 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-06-29 14:15 - 2012-08-28 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-06-29 14:15 - 2012-06-22 21:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2013-06-29 14:15 - 2012-06-22 21:27 - 00000000 ____D C:\Program Files\Bonjour
    2013-06-29 14:15 - 2012-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-06-29 14:15 - 2012-06-21 20:30 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2013-06-29 14:15 - 2012-06-05 03:55 - 00000000 ____D C:\Program Files (x86)\ooVoo
    2013-06-29 14:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
    2013-06-29 14:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2013-06-29 13:56 - 2012-09-03 23:48 - 00000000 ____D C:\ProgramData\VMware
    2013-06-29 13:54 - 2012-07-15 13:36 - 00000000 ____D C:\Program Files\McAfee
    2013-06-29 11:32 - 2012-06-21 19:18 - 00000000 ___RD C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-06-29 11:32 - 2012-06-21 19:16 - 00000000 ____D C:\Users\Collin
    2013-06-24 00:57 - 2012-06-30 18:01 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-06-22 02:00 - 2012-08-28 20:14 - 00000000 ____D C:\Users\Collin\AppData\Local\Adobe
    2013-06-21 19:48 - 2012-06-05 03:59 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-07-13 07:11

    ==================== End Of Log ============================
  14. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    It can't be any program since you're able to run FRST.
  15. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    I think it is because I had to download it from a different computer and then transferred it to that computer, so it's not like a program I downloaded on the computer with the problem.
  16. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    It shouldn't matter.

    I can see the following restore points:

    04-07-2013 05:00:00 Scheduled Checkpoint
    13-07-2013 07:12:38 Windows Update
    13-07-2013 11:29:34 Windows Update
    14-07-2013 04:15:25 Windows Update
    14-07-2013 04:34:41 Windows Update
    17-07-2013 17:36:33 Windows Update

    Try to use the one from July 4th.
  17. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    How would I restore from said point?
  18. Broni

    Broni Malware Annihilator Posts: 46,339   +252

  19. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    OK, I am doing the restore now and will update you with the effects.
  20. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    So I restored to that point and still have the same error.
  21. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

    Go to Step 4 and under "System Restore" click on the Create button:

    Go to the Start Repairs tab and click the Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on the Start button.

    Post the Windows Repair log (_windows_repair_log.txt), which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  22. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    OK, so I don't have internet access on the computer I am trying to fix because it won't open Internet Explorer, so I tried downloading it onto a flash drive and running it from there, but I get the subsystem error when I try to.
  23. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Personally, I've never seen this kind of error before.

    That said...

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
  24. wisenblaker

    wisenblaker Newcomer, in training Topic Starter Posts: 19

    Thanks for your help! I will have them reopen my other thread and hopefully they can figure out what's up.
  25. Broni

    Broni Malware Annihilator Posts: 46,339   +252


