Author Topic: [Resolved] Popups and Redirects  (Read 6507 times)


Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #150 on: August 12, 2012, 04:08:02 PM »
{E27A8442-596D-4677-892D-C035F8809A8F} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TQRNO6Z\watkins_glen[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{E7A3D83F-57E0-4F17-BDFA-80507901E6E8} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REH4GJS6\bus_simulator_deluxe-en-v1_0[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{EA36AAC8-6342-4E56-B114-56FEB598CDE2} ->  launches: C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe [file not found]
{EAB59161-5EAF-4B66-9C22-2767D3284EA3} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GXZZAZ2\macao[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{EB3583EE-0134-4BAD-8C92-889B2211172D} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstaller.exe" -d "C:\Program Files (x86)\EA Games\Battlefield Heroes" [MS]
{EF7919EA-0704-48B3-A09D-BAF3BE1DABB6} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P082ULVI\sav114unm32-64[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{F08D609F-8ECB-4E5F-AA62-854BF25C53A0} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REH4GJS6\PedalToTheMetalSetup-dm[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{F1B214DE-351C-46DC-B3E3-C5BB4F4F70D1} ->  launches: C:\windows\system32\pcalua.exe -a C:\DELL\DRIVERS\R272410\Setup.exe -d C:\DELL\DRIVERS\R272410 [MS]
{F3129168-CA6C-444A-9982-DB663666F91E} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GXZZAZ2\valencia[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{F86C1446-FEA7-448B-A666-664DC6486356} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHYM7AWU\One%20Night%20SEv2.5_1[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]
{FF4CB419-7518-417F-8806-0A88A20D3304} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\Desktop\GT\KH GOG\RPGVX_RTP\Setup.exe" -d "C:\Users\bkaduthanam\Desktop\GT\KH GOG\RPGVX_RTP" [MS]
{FFA5491F-0949-4B0F-98BD-AD86072E4A4A} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\bkaduthanam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXXCAVSK\silverstone[1].exe" -d C:\Users\bkaduthanam\Desktop [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan ->  launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
                 \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
                     \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM…CLSID} = WinSAT Task Manger Task
                 \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
                     \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
                     \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
                 \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
                     \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
                 \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
                 \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
                 \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
                     \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
                     \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
                     \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
AutomaticBackup ->  launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
Windows Backup Monitor ->  launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
MpIdleTask -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-956480253-2055238685-225334759-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\nwprovau.dll [file not found]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 29


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{32099AAC-C132-4136-9E9A-4E364A424E17} = (no title provided)
  -> {HKLM…CLSID} = DAEMON Tools Toolbar
                 \InProcServer32\(Default) = C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} = PHPNukeEN Toolbar
  -> {HKLM…Wow…CLSID} = PHPNukeEN Toolbar
                     \InProcServer32\(Default) = C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll [file not found]

{30F9B915-B755-4826-820B-08FBA6BD249D} = Conduit Engine
  -> {HKLM…Wow…CLSID} = Conduit Engine
                     \InProcServer32\(Default) = C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Ltd.]

{28387537-E3F9-4ED7-860C-11E69AF4A8A0} = Wincore Mediabar
  -> {HKLM…Wow…CLSID} = Wincore Mediabar
                     \InProcServer32\(Default) = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [file not found]

Explorer Bars

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9CA7484-A322-4B85-9F73-BA4F71B6E81D}\(Default) = Conduit Engine Findbar
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Ltd.]

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
                     \InProcServer32\(Default) = C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Andrea ST Filters Service, AESTFilters, C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [Andrea Electronics Corporation]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Audio Service, STacSV, C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe [IDT, Inc.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Dock Login Service, DockLoginService, C:\Program Files\Dell\DellDock\DockLogin.exe [Stardock Corporation]
DW WLAN Tray Service, wltrysvc, "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [Dell Inc.]
Intel(R) Management & Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
LicCtrl Service, LicCtrlService, C:\windows\runservice.exe [null data]
otshot, otshot, C:\program files\otshot\ZalmanUpdateService.exe [null data]
Pharos Systems ComTaskMaster, Pharos Systems ComTaskMaster, "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [Pharos Systems International]
PnkBstrA, PnkBstrA, C:\windows\system32\PnkBstrA.exe [file not found]
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [SoftThinks SAS]
SupportSoft Sprocket Service (DellSupportCenter), sprtsvc_DellSupportCenter, "C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [SupportSoft, Inc.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Yahoo! Updater, YahooAUService, "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [Yahoo! Inc.]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> GoToAssist, Service
<<!>> McMPFSvc, Service
<<!>> MCODS,


Accessibility Tools:
--------------------

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\
Configuration = mousekeys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\
Configuration = mousekeys


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Pharos Systems Popup Port Monitor\Driver = PSR9A850.DLL [Pharos Systems International]


---------- (launch time: 2012-08-12 18:06:19)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 65 seconds, including 3 seconds for message boxes)

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #151 on: August 12, 2012, 04:32:54 PM »
Does otshot sound familiar to you?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #152 on: August 12, 2012, 05:07:23 PM »
It was some random thing I installed but then uninstalled it later.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #153 on: August 12, 2012, 07:26:13 PM »
Can you look through the log you just posted, and see how much junk is there from programs that you have uninstalled in the past? Let me know how much is garbage, and how much you still use. Just look at the names you see, don't worry about deciphering all the CLSIDs.

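The triage Hoov asks for above (sorting the posted log into leftovers of uninstalled programs versus entries still in use) can be partly mechanised. The script below is an added example, not the scanner's or the forum's own code. It parses the two line shapes seen in the log, `name ->  launches: command [verdict]` and the `<<!>>` SafeBoot flags, and sorts entries by the bracketed verdict the tool appends ([file not found] for orphaned launch points, [null data] for targets with no version information), plus the recurring pattern of pcalua.exe launching an installer out of the browser cache. The sample lines are constructed to match the page's format with USER standing in for the profile name; the category names and the triage rules are this example's own assumptions, not the scanner's.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the launch-point log posted in this thread;
# "USER" stands in for the real profile name.
SAMPLE_LOG = r"""
{E27A8442-596D-4677-892D-C035F8809A8F} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TQRNO6Z\watkins_glen[1].exe" -d C:\Users\USER\Desktop [MS]
{EA36AAC8-6342-4E56-B114-56FEB598CDE2} ->  launches: C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe [file not found]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
<<!>> MCODS,
<<!>> GoToAssist, Service
"""

# "name ->  launches: command [verdict]"; the (HIDDEN!) marker and the
# trailing bracketed verdict are both optional in the log.
LAUNCH_RE = re.compile(
    r'^(?P<name>\S.*?)\s+->\s+(?P<hidden>\(HIDDEN!\)\s+)?launches:\s+'
    r'(?P<cmd>.*?)(?:\s+\[(?P<tag>[^\]]*)\])?$'
)
# "<<!>> subkey, value" lines the tool itself marks as suspicious.
FLAG_RE = re.compile(r'^<<!>>\s+(?P<name>[^,]+),\s*(?P<kind>.*)$')
# pcalua.exe -a <target> -d <dir>; the target may or may not be quoted.
PCALUA_RE = re.compile(r'pcalua\.exe\s+-a\s+"?(?P<target>[^"]+?)"?\s+-d\s',
                       re.IGNORECASE)


@dataclass
class Finding:
    name: str
    category: str   # orphan | unverified | stale | flagged | ok (example's own labels)
    detail: str
    hidden: bool = False


def triage_line(line: str):
    """Classify one log line; returns None for lines in neither shape."""
    m = FLAG_RE.match(line)
    if m:
        return Finding(m.group('name'), 'flagged',
                       'tool marked this SafeBoot entry as suspicious')
    m = LAUNCH_RE.match(line)
    if not m:
        return None
    tag, cmd = m.group('tag'), m.group('cmd')
    hidden = m.group('hidden') is not None
    if tag == 'file not found':
        # The launch point survives but its target is gone: typical leftover
        # of an uninstalled program, safe to clean up.
        return Finding(m.group('name'), 'orphan',
                       'target no longer exists: ' + cmd, hidden)
    if tag == 'null data':
        # Target exists but carries no version/company block; review by hand.
        return Finding(m.group('name'), 'unverified',
                       'target has no version information: ' + cmd, hidden)
    pm = PCALUA_RE.search(cmd)
    if pm and 'temporary internet files' in pm.group('target').lower():
        # Program Compatibility Assistant remembered an installer that was run
        # straight from the browser cache; the cache file is usually long gone.
        return Finding(m.group('name'), 'stale',
                       'compat entry for installer run from browser cache: '
                       + pm.group('target'), hidden)
    return Finding(m.group('name'), 'ok', cmd, hidden)


def triage(log_text: str):
    """Run triage_line over every non-empty line and keep the recognised ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f is not None:
                findings.append(f)
    return findings


def summarize(findings):
    """Count findings per category, for a quick 'how much is garbage' answer."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f.category:10} {f.name}: {f.detail}')
    print(summarize(results))
```

The categories deliberately stop short of a verdict: "orphan" entries are the uninstalled-program residue Hoov is asking about, while "unverified" and "flagged" entries still need a human to recognise the program name, exactly as the post says.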

Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #154 on: August 12, 2012, 07:41:54 PM »
I will tell you tomorrow, I have to sleep early today sorry!

Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #155 on: August 13, 2012, 02:28:15 PM »
Right now I can say Divx and otshot are unwanted. I don't know what GrooveShellExtension is. I will look more carefully, because I can't find anything else unwanted.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #156 on: August 13, 2012, 03:01:42 PM »
GrooveShellExtension is part of Microsoft. It used to be part of Lotus Notes, but Microsoft has bought them up. Divx and Otshot will not cause the problems you are having now.

Download this and save it to your desktop. Right click on the .reg file (on Desktop) and click on Merge. Click on the Run button for Security Warning pop-up. Click on Continue (UAC), Yes, and then OK when prompted. When done, you can delete the .reg file (on Desktop).

Now try running chkdsk again. Let me know how that goes.


Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #157 on: August 13, 2012, 04:01:03 PM »
I still get the same message I mentioned when doing it in safe mode with command prompt.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #158 on: August 13, 2012, 04:22:59 PM »
Open an elevated command prompt (go to the start button and then to all programs then to accessories and right click on command prompt and select run as administrator) then type in sfc /scannow and hit enter.

Once that is done, try running chkdsk again from a command prompt, just as you did earlier.


Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #159 on: August 13, 2012, 04:47:45 PM »
Same thing again.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #160 on: August 13, 2012, 05:07:09 PM »
Go to C:\Windows\System32\autochk.exe.
Follow the instructions here and allow your user to have full control over it.
Now right click on C:\Windows\System32\autochk.exe (the same file) and select properties. Now click on the details tab. Let me know what the file version number is.


Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #161 on: August 13, 2012, 06:50:43 PM »
6.1.7601.17514

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #162 on: August 13, 2012, 07:21:50 PM »
Do a search on your hard drive for chkdsk.exe, it should be in C:\Windows\System32, right click on it and select run as admin. Tell me what it does.


Offline milestone121

  • Bronze Member
  • Posts: 114
Re: [In Progress] Popups and Redirects
« Reply #163 on: August 13, 2012, 08:45:47 PM »
It says F parameter not specified.
CHKDSK is running in read only mode.
Then it says CHKDSK is verifying files or something like that and it closes after like 7 or 8 seconds. And then it gives a message and closes immediately. It is so hard that I cannot read it because it closes too fast. I tried taking screenshots but it is too fast. The message had something like "cannot" in it.
After searching online about it, I think that message is supposed to be "CHKDSK cannot continue in read-only mode" but am not sure. I think it is this that showed up there.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22705
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Popups and Redirects
« Reply #164 on: August 13, 2012, 08:56:38 PM »
Go to the command prompt and try typing chkdsk /f and hitting enter. Let me know what happens.
