[Computer doesn't even work out of safe mode]

Thanks again for your help. Very much appreciated!!!

[Computer doesn't even work out of safe mode]

Hmmm...I only downloaded the free version.

[Computer doesn't even work out of safe mode]

No I didn't know to set this up. So I should do this on both computers?

[Computer doesn't even work out of safe mode]

Well...thanks very much. It was Norton 360. So I uninstalled and reinstalled Norton and during that process, it asked me to remove Malwarebytes! Seems the two were conflicting and that makes sense, considering I just downloaded MBAM a week or so ago. I don't believe they should conflict, right? I'm running both with no problem on the laptop.

Thanks SOOOOO much for your help! I will be sure to contribute to the cause... you saved me at least $75!!

[Computer doesn't even work out of safe mode]

Okay, so hypothetically speaking (well, not really hypothetical) if you end up with everything unchecked and it's STILL doing it, am I SOL?! I uninstalled a few recent programs that I don't particularly remember doing myself and I've also methodically unchecked programs on the starter program you gave me. The computer is acting the same.

[Computer doesn't even work out of safe mode]

Am I on the "startups" tab? And in "all sections"? I tried a few so far, but no luck. I'll try more options. I have a bad feeling about Strongvault since its so new and sounds unfamiliar. But when I disabled it, it didn't help.

[Computer doesn't even work out of safe mode]

Sorry, I do not see where to attach a file, so I copy/pasted both here.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01

Ran by Laabs (administrator) on 21-04-2013 16:10:02

Running from C:\Users\Laabs\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Network

==================== Processes (Whitelisted) =================

(Microsoft Corporation) [1216] C:\Windows\system32\ctfmon.exe

(Farbar) [1728] C:\Users\Laabs\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()

HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2792448 2013-02-25] (Alcatel-Lucent)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [567320 2010-10-12] (PDF Complete Inc)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295072 2013-02-03] (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

Toolbar: HKCU - No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

PDF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab

PDF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-02-25] (Alcatel-Lucent)

S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [818200 2010-10-12] (PDF Complete Inc)

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-10] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-10] (Symantec Corporation)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvia64.sys [513184 2012-10-09] (Symantec Corporation)

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\ENG64.SYS [126192 2013-02-28] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\EX64.SYS [2087664 2013-02-28] (Symantec Corporation)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-10] (Symantec Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S1 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1403010.016\ccSetx64.sys [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\1403010.016\SRTSP64.SYS [x]

S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\1403010.016\SRTSPX64.SYS [x]

R0 SymDS; system32\drivers\N360x64\1403010.016\SYMDS64.SYS [x]

R0 SymEFA; system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [x]

S1 SymIRON; \SystemRoot\system32\drivers\N360x64\1403010.016\Ironx64.SYS [x]

S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-21 16:09 - 2013-04-21 16:09 - 00000000 ____D C:\FRST

2013-04-21 16:09 - 2013-04-21 16:05 - 01707098 ____A (Farbar) C:\Users\Laabs\Desktop\FRST64.exe

2013-04-21 14:26 - 2013-04-21 14:26 - 00017061 ____A C:\ComboFix.txt

2013-04-21 14:18 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe

2013-04-21 14:18 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe

2013-04-21 14:18 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe

2013-04-21 14:17 - 2013-04-21 14:26 - 00000000 ____D C:\Qoobox

2013-04-21 14:17 - 2013-04-21 14:25 - 00000000 ____D C:\Windows\erdnt

2013-04-21 11:22 - 2013-04-21 11:09 - 05057323 ____R (Swearware) C:\Users\Laabs\Desktop\ComboFix.exe

2013-04-21 10:28 - 2013-04-21 10:29 - 00010180 ____A C:\Users\Laabs\Desktop\04212013_102414.log

2013-04-21 10:24 - 2013-04-21 10:24 - 00000000 ____D C:\_OTL

2013-04-21 09:15 - 2013-04-21 09:10 - 00602112 ____A (OldTimer Tools) C:\Users\Laabs\Desktop\OTL.exe

2013-04-20 21:40 - 2013-04-20 21:40 - 00005722 ____A C:\AdwCleaner[R2].txt

2013-04-20 21:31 - 2013-04-20 21:31 - 00000216 ____A C:\crp.vbs

2013-04-20 20:48 - 2013-04-20 20:48 - 00005709 ____A C:\AdwCleaner[R1].txt

2013-04-20 20:48 - 2013-04-20 20:46 - 00613083 ____A C:\Users\Laabs\Desktop\adwcleaner.exe

2013-04-20 20:21 - 2013-04-20 20:22 - 00000000 ____D C:\Users\Laabs\Desktop\RK_Quarantine

2013-04-20 20:20 - 2013-04-20 20:10 - 00791040 ____A C:\Users\Laabs\Desktop\RogueKillerX64.exe

2013-04-16 15:05 - 2013-04-16 15:05 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 15:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-16 15:01 - 2013-04-16 15:04 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Laabs\Downloads\mbam-setup-1.75.0.1300.exe

2013-04-11 03:01 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-11 03:01 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-11 03:01 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-11 03:01 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-11 03:01 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-11 03:01 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-11 03:01 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-11 03:01 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-11 03:01 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-11 03:01 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-11 03:01 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-11 03:01 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-11 03:01 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-11 03:01 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-11 03:01 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-11 03:01 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-11 03:01 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-11 03:01 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-11 03:01 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-11 03:01 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-11 03:01 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-11 03:01 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-11 03:01 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-11 03:01 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-11 03:01 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-11 03:01 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-10 07:54 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 07:54 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 07:54 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-10 07:54 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-10 07:54 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-10 07:54 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 07:54 - 2013-03-02 01:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-10 07:54 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 07:54 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-10 07:54 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-10 07:54 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-10 07:54 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-10 07:54 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-10 07:54 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-10 07:54 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-09 19:45 - 2013-04-09 19:45 - 00001462 ____A C:\Users\Laabs\.recently-used.xbel

2013-03-26 07:25 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

==================== One Month Modified Files and Folders =======

2013-04-21 16:09 - 2013-04-21 16:09 - 00000000 ____D C:\FRST

2013-04-21 16:05 - 2013-04-21 16:09 - 01707098 ____A (Farbar) C:\Users\Laabs\Desktop\FRST64.exe

2013-04-21 15:11 - 2012-10-19 20:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-21 14:53 - 2013-02-03 10:20 - 00000000 ____D C:\Users\Laabs\AppData\Local\Strongvault Online Backup

2013-04-21 14:51 - 2011-03-10 21:05 - 00763356 ____A C:\Windows\PFRO.log

2013-04-21 14:51 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-21 14:51 - 2009-07-13 23:51 - 00064042 ____A C:\Windows\setupact.log

2013-04-21 14:26 - 2013-04-21 14:26 - 00017061 ____A C:\ComboFix.txt

2013-04-21 14:26 - 2013-04-21 14:17 - 00000000 ____D C:\Qoobox

2013-04-21 14:26 - 2012-03-05 15:50 - 00000000 ____D C:\users\NetworkService

2013-04-21 14:26 - 2012-03-05 15:50 - 00000000 ____D C:\users\LocalService

2013-04-21 14:25 - 2013-04-21 14:17 - 00000000 ____D C:\Windows\erdnt

2013-04-21 14:24 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini

2013-04-21 11:09 - 2013-04-21 11:22 - 05057323 ____R (Swearware) C:\Users\Laabs\Desktop\ComboFix.exe

2013-04-21 11:06 - 2011-03-10 17:39 - 02071082 ____A C:\Windows\WindowsUpdate.log

2013-04-21 10:29 - 2013-04-21 10:28 - 00010180 ____A C:\Users\Laabs\Desktop\04212013_102414.log

2013-04-21 10:24 - 2013-04-21 10:24 - 00000000 ____D C:\_OTL

2013-04-21 09:12 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-21 09:10 - 2013-04-21 09:15 - 00602112 ____A (OldTimer Tools) C:\Users\Laabs\Desktop\OTL.exe

2013-04-21 09:10 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-20 21:40 - 2013-04-20 21:40 - 00005722 ____A C:\AdwCleaner[R2].txt

2013-04-20 21:31 - 2013-04-20 21:31 - 00000216 ____A C:\crp.vbs

2013-04-20 20:48 - 2013-04-20 20:48 - 00005709 ____A C:\AdwCleaner[R1].txt

2013-04-20 20:46 - 2013-04-20 20:48 - 00613083 ____A C:\Users\Laabs\Desktop\adwcleaner.exe

2013-04-20 20:22 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Laabs\Desktop\RK_Quarantine

2013-04-20 20:13 - 2012-06-04 18:36 - 00000000 ____D C:\Users\Laabs\Documents\Emily

2013-04-20 20:11 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-20 20:10 - 2013-04-20 20:20 - 00791040 ____A C:\Users\Laabs\Desktop\RogueKillerX64.exe

2013-04-16 15:05 - 2013-04-16 15:05 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 15:04 - 2013-04-16 15:01 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Laabs\Downloads\mbam-setup-1.75.0.1300.exe

2013-04-14 13:36 - 2011-06-05 18:57 - 00000000 ____D C:\Users\Laabs\AppData\Local\CrashDumps

2013-04-13 17:18 - 2011-06-05 14:31 - 00000000 ____D C:\Users\Laabs\Documents\PTA

2013-04-11 03:33 - 2012-11-04 11:44 - 00000000 ____D C:\Windows\Minidump

2013-04-11 03:33 - 2009-07-13 23:45 - 00377448 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-11 03:32 - 2011-03-10 21:05 - 00286934 ____N C:\Windows\Minidump\041113-80324-01.dmp

2013-04-09 19:46 - 2012-03-05 15:50 - 00000000 ____D C:\GIRDAC-PDF Output

2013-04-09 19:45 - 2013-04-09 19:45 - 00001462 ____A C:\Users\Laabs\.recently-used.xbel

2013-04-09 19:45 - 2011-06-05 13:46 - 00000000 ____D C:\users\Laabs

2013-04-09 19:44 - 2011-08-10 19:17 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\gtk-2.0

2013-04-09 19:21 - 2011-08-10 19:16 - 00000000 ____D C:\Users\Laabs\.gimp-2.6

2013-04-09 08:23 - 2012-07-09 15:57 - 00000000 ____D C:\Windows\System32\Drivers\N360x64

2013-04-08 14:37 - 2011-06-06 17:22 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-04-08 14:36 - 2011-11-07 16:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-04-08 14:35 - 2011-06-06 17:20 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\HP Support Assistant

2013-04-08 14:35 - 2011-06-06 17:09 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\HpUpdate

2013-04-08 10:29 - 2011-07-13 03:20 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForLAABS-HP$.job

2013-04-07 16:13 - 2012-08-28 12:50 - 00000000 ____D C:\Users\Laabs\Documents\Cheer

2013-04-04 14:50 - 2013-04-16 15:05 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-01 19:34 - 2011-06-13 17:55 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForLaabs.job

2013-03-30 08:08 - 2011-03-10 21:05 - 00286102 ____N C:\Windows\Minidump\033013-46363-01.dmp

2013-03-24 16:33 - 2013-02-03 10:25 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Real

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-14 12:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01

Ran by Laabs at 2013-04-21 16:11:15 Run:

Running from C:\Users\Laabs\Desktop

Boot Mode: Network

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 1.5.3.9130)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Agatha Christie - Peril at End House (Version: 2.2.0.95)

Apple Application Support (Version: 2.2.2)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (Version: 2.1.3.127)

AT&T Troubleshoot & Resolve Tool

ATI Catalyst Install Manager (Version: 3.0.774.0)

att.net Internet Mail

att.net Toolbar

Bejeweled 2 Deluxe (Version: 2.2.0.95)

Bing Bar (Version: 7.1.361.0)

Bing Rewards Client Installer (Version: 16.0.345.0)

Blackhawk Striker 2 (Version: 2.2.0.95)

Blasterball 3 (Version: 2.2.0.95)

Blio (Version: 2.0.5350)

Bonjour (Version: 3.0.0.10)

Bounce Symphony (Version: 2.2.0.95)

Build-a-lot 2 (Version: 2.2.0.95)

Cabela`s Outdoor Adventures (Version: 1.0.0)

Cake Mania (Version: 2.2.0.95)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)

Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)

Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)

CCC Help Chinese Standard (Version: 2010.0511.2152.37435)

CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)

CCC Help Czech (Version: 2010.0511.2152.37435)

CCC Help Danish (Version: 2010.0511.2152.37435)

CCC Help Dutch (Version: 2010.0511.2152.37435)

CCC Help English (Version: 2010.0511.2152.37435)

CCC Help Finnish (Version: 2010.0511.2152.37435)

CCC Help French (Version: 2010.0511.2152.37435)

CCC Help German (Version: 2010.0511.2152.37435)

CCC Help Greek (Version: 2010.0511.2152.37435)

CCC Help Hungarian (Version: 2010.0511.2152.37435)

CCC Help Italian (Version: 2010.0511.2152.37435)

CCC Help Japanese (Version: 2010.0511.2152.37435)

CCC Help Korean (Version: 2010.0511.2152.37435)

CCC Help Norwegian (Version: 2010.0511.2152.37435)

CCC Help Polish (Version: 2010.0511.2152.37435)

CCC Help Portuguese (Version: 2010.0511.2152.37435)

CCC Help Russian (Version: 2010.0511.2152.37435)

CCC Help Spanish (Version: 2010.0511.2152.37435)

CCC Help Swedish (Version: 2010.0511.2152.37435)

CCC Help Thai (Version: 2010.0511.2152.37435)

CCC Help Turkish (Version: 2010.0511.2152.37435)

ccc-core-static (Version: 2010.0511.2153.37435)

ccc-utility64 (Version: 2010.0511.2153.37435)

Chuzzle Deluxe (Version: 2.2.0.95)

Chuzzle Deluxe 1.01

Clone Wars

Coupon Printer for Windows (Version: 5.0.0.1)

CyberLink DVD Suite Deluxe (Version: 7.0.3210)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)

Dora's World Adventure (Version: 2.2.0.95)

DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)

Epson Event Manager (Version: 2.40.0001)

Epson FAX Utility (Version: 1.10.00)

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 520 Series Printer Uninstall

EpsonNet Print (Version: 2.4j)

EpsonNet Setup 3.3 (Version: 3.3b)

Escape Rosecliff Island (Version: 2.2.0.95)

Farm Frenzy (Version: 2.2.0.95)

FATE (Version: 2.2.0.95)

Final Drive Nitro (Version: 2.2.0.95)

Free M4a to MP3 Converter 7.1

Free RAR Extract Frog (Version: 4.70)

Free Realms

GIMP 2.6.11 (Version: 2.6.11)

GIRDAC Free PDF Creator (Version: 3.0.1.1)

GIRDAC Port

Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

HP Auto (Version: 1.0.12494.3472)

HP Client Services (Version: 1.0.12656.3472)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Game Console

HP Games (Version: 1.0.1.5)

HP MediaSmart DVD (Version: 4.2.4521)

HP MediaSmart Music (Version: 4.2.4517)

HP MediaSmart Photo (Version: 4.2.4513)

HP MediaSmart SmartMenu (Version: 3.1.2.4)

HP MediaSmart Video (Version: 4.2.4522)

HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)

HP MovieStore (Version: 1.0.027)

HP MovieStore (Version: 2.0.2)

HP Odometer (Version: 2.10.0000)

HP Setup (Version: 8.4.4400.3525)

HP Setup Manager (Version: 1.0.12844.3519)

HP Support Assistant (Version: 7.0.39.15)

HP Support Information (Version: 10.1.1000)

HP Update (Version: 5.002.003.003)

HP Vision Hardware Diagnostics (Version: 2.1.6.0)

iTunes (Version: 10.7.0.21)

Jewel Quest Solitaire 2 (Version: 2.2.0.95)

JumpStart World Presents Pet Playground

Junk Mail filter update (Version: 15.4.3502.0922)

Kobo (Version: 1.6)

LabelPrint (Version: 2.5.3130)

LightScribe System Software (Version: 1.18.15.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.60.253.0)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Mystery P.I. - The London Caper (Version: 2.2.0.95)

Norton 360 (Version: 20.3.1.22)

Norton Online Backup (Version: 2.1.17869)

PDF Complete Corporate Edition (Version: 3.5.307)

Penguins! (Version: 2.2.0.95)

PhotoNow! (Version: 1.1.7717)

Pirate101 (Version: 1.0.0)

Pivot Stickfigure Animator version 2.2.7 (Version: 2.2.7)

Plants vs. Zombies (Version: 2.2.0.95)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (Version: 1.3.0)

Poker Superstars III (Version: 2.2.0.95)

Polar Bowler (Version: 2.2.0.95)

Polar Golfer (Version: 2.2.0.95)

Power2Go (Version: 6.1.4329)

PowerDirector (Version: 8.0.3129)

PressReader (Version: 5.10.621.0)

PrintServer Utilities

RealDownloader (Version: 1.3.0)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

Realtek High Definition Audio Driver (Version: 6.0.1.6196)

RealUpgrade 1.1 (Version: 1.1.0)

Recovery Manager (Version: 5.5.3219)

Republic at War 1.1

ROBLOX Player for Laabs

RoxioNow Player (Version: 1.9.5.101)

Serif PagePlus Starter Edition (Version: 2.0.2.009)

Skype™ 5.10 (Version: 5.10.116)

Star Wars Empire at War (Version: 1.0)

Star Wars Empire at War Forces of Corruption (Version: 1.0)

Star Wars Empire at War Forces of Corruption Demo (Version: 1.0)

Strongvault Online Backup (Version: 1.0.1.0)

Strongvault Online Backup (Version: 5.0.2.34)

Trophy Hunter 2003 - Rocky Mountain Adventures

Unity Web Player (Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Virtual Families (Version: 2.2.0.95)

Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)

VNC Enterprise Edition E4.5.3 (Version: E4.5.3)

Wheel of Fortune 2 (Version: 2.2.0.95)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3502.0922)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Wizard101 (Version: 1.0.0)

World of Tanks

Yahoo! Software Update

Zinio Reader 4 (Version: 4.0.3184)

Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points =========================

07-04-2013 22:09:49 Scheduled Checkpoint

11-04-2013 08:00:47 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe FE Family Controller

Description: Realtek PCIe FE Family Controller

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: RTL8167

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/21/2013 02:18:04 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (04/21/2013 02:18:04 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (04/21/2013 02:18:04 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (04/21/2013 11:04:25 AM) (Source: RasClient) (User: )

Description: CoId={CF4A6265-1090-4D6A-A7D2-6E2E16B21D35}: The user Laabs-HP\Laabs dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/17/2013 03:16:38 PM) (Source: RasClient) (User: )

Description: CoId={691F5BB6-C261-40E9-861D-F79958E039A4}: The user Laabs-HP\Laabs dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 485787

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 485787

System errors:

=============

Error: (04/21/2013 04:09:37 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/21/2013 04:09:37 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/21/2013 04:09:32 PM) (Source: DCOM) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/21/2013 04:09:25 PM) (Source: DCOM) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (04/21/2013 02:18:04 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (04/21/2013 02:18:04 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (04/21/2013 02:18:04 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (04/21/2013 11:04:25 AM) (Source: RasClient)(User: )

Description: {CF4A6265-1090-4D6A-A7D2-6E2E16B21D35}Laabs-HP\LaabsBroadband Connection651

Error: (04/17/2013 03:16:38 PM) (Source: RasClient)(User: )

Description: {691F5BB6-C261-40E9-861D-F79958E039A4}Laabs-HP\LaabsBroadband Connection651

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 485787

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 485787

CodeIntegrity Errors:

===================================

Date: 2013-04-21 14:24:32.204

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-21 14:24:32.017

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 2815.29 MB

Available physical RAM: 2307.93 MB

Total Pagefile: 5628.75 MB

Available Pagefile: 5140.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:371.06 GB) NTFS (Disk=0 Partition=2)

Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.62 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive g: () (Removable) (Total:0.06 GB) (Free:0.04 GB) FAT (Disk=2 Partition=1)

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 63 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 606EA97A

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 452 GB 101 MB

Partition 3 Primary 13 GB 452 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 452 GB Healthy Boot

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D HP_RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 0108FC2E

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 63 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 G FAT Removable 63 MB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (Size: 466 GB) (Disk ID: 606EA97A)

Partition 1: (Active) - (Size=100 MB) - (Type=07) (NTFS)

Partition 2: (Not Active) - (Size=452 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07) (NTFS)

====================================================================

Disk: 2 (Size: 63 MB) (Disk ID: 0108FC2E)

Partition 1: (Active) - (Size=63 MB) - (Type=06)

[Computer doesn't even work out of safe mode]

I started up in normal mode. It worked long enough for me to see the system tray and see that Norton was disabled. Then it froze up. All my desktop icons disappeared and I'm just staring at my background.

[Computer doesn't even work out of safe mode]

ComboFix 13-04-21.01 - Laabs 04/21/2013 14:19:48.1.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2206 [GMT -5:00]

Running from: c:\users\Laabs\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk

C:\Thumbs.db

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

.

.

((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))

.

.

2013-04-21 19:24 . 2013-04-21 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-21 15:24 . 2013-04-21 15:24 -------- d-----w- C:\_OTL

2013-04-21 02:31 . 2013-04-21 02:31 216 ----a-w- C:\crp.vbs

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\programdata\Malwarebytes

2013-04-16 20:05 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\users\Laabs\AppData\Local\Programs

2013-04-10 12:54 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-08 23:39 . 2013-04-09 13:23 -------- d-----w- c:\windows\system32\drivers\N360x64\1403010.016

2013-03-26 12:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-12 22:12 . 2012-10-20 01:02 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 22:12 . 2012-10-20 01:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-12 21:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-12 21:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-12 21:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-12 21:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-12 21:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-12 21:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-03 15:25 . 2010-09-21 23:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-02-03 15:25 . 2010-09-21 23:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-12 567320]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SMessaging"="c:\users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-02-03 295072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"OTL"="c:\users\Laabs\Desktop\OTL.exe" [2013-04-21 602112]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

StrongVaultApp.exe [2012-9-7 359424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvia64.sys [2012-10-09 513184]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-13 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-13 128512]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

R2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2013-02-25 369152]

R2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2013-02-25 460288]

R2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2013-02-25 342528]

R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-10-12 818200]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]

R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-10 138912]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 22:12]

.

2013-04-08 c:\windows\Tasks\HPCeeScheduleForLAABS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-04-02 c:\windows\Tasks\HPCeeScheduleForLaabs.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-02-25 2792448]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)

WebBrowser-{BB45EF8E-1E36-4535-A017-EC908FB1E335} - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-21 14:26:30

ComboFix-quarantined-files.txt 2013-04-21 19:26

.

Pre-Run: 398,576,795,648 bytes free

Post-Run: 398,450,606,080 bytes free

.

- - End Of File - - 4C1E301A055A956B10B2062C2EB5688B

[Computer doesn't even work out of safe mode]

There's basically nothing in my system tray. If it's not there, it's disabled?

[Computer doesn't even work out of safe mode]

I'm in Safe Mode...how do I know if Malwarebytes is disabled or not? It says "Activate" at the bottom of the screen...so I'm assuming I'm "not activated" right now? I believe Norton is disabled.

[Computer doesn't even work out of safe mode]

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.16.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Laabs :: LAABS-HP [administrator]

4/16/2013 3:12:37 PM

mbam-log-2013-04-16 (15-12-37).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 438622

Time elapsed: 1 hour(s), 29 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Laabs\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bb45ef8e-1e36-4535-a017-ec908fb1e335} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\ not found.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335}\ not found.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WorkForce 520(Network) deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report deleted successfully.

C:\AdwCleaner[s1].txt moved successfully.

C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\Temp:346465CA deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Laabs

User: LocalService

User: NetworkService

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Laabs

->Temp folder emptied: 18024971 bytes

->Temporary Internet Files folder emptied: 53423476 bytes

->Flash cache emptied: 779273 bytes

User: LocalService

User: NetworkService

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 80403 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 4274768490 bytes

Total Files Cleaned = 4,146.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Laabs

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04212013_102414

[Computer doesn't even work out of safe mode]

No, it's still freezing up with the first program I open in regular mode. I'm still in Safe Mode.

OTL logfile created on: 4/21/2013 9:16:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laabs\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 84.52% Memory free

5.50 Gb Paging File | 5.08 Gb Available in Paging File | 92.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.46 Gb Total Space | 367.23 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Drive G: | 62.87 Mb Total Space | 41.20 Mb Free Space | 65.54% Space Free | Partition Type: FAT

Computer Name: LAABS-HP | User Name: Laabs | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 09:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/25 12:00:30 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)

SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/09/13 18:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/13 18:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/03/12 17:12:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/25 12:00:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)

SRV - [2013/02/25 11:59:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)

SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)

SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2010/10/12 15:19:14 | 000,818,200 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/25 11:59:52 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)

DRV:64bit: - [2013/02/25 11:59:46 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)

DRV:64bit: - [2013/01/30 22:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)

DRV:64bit: - [2013/01/30 22:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013/01/28 20:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013/01/28 20:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2013/01/21 21:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)

DRV:64bit: - [2012/11/15 21:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/11/15 21:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012/10/10 14:56:14 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/03/21 20:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/02/28 20:24:26 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\ex64.sys -- (NAVEX15)

DRV - [2013/02/28 20:24:26 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\eng64.sys -- (NAVENG)

DRV - [2013/02/25 11:59:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2013/02/25 11:59:32 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2012/10/10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/10/10 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/10/09 15:46:48 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - No CLSID value found

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{DB7C460F-A5E0-424D-ADE8-33F868F65E75}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Laabs\AppData\Local\Roblox\Versions\version-6e655c3defe448aa\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Laabs\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Laabs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012/10/10 14:56:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013/04/21 09:05:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/03 10:26:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/03 10:26:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O3 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [WorkForce 520(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_SDC4A.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\RunOnce: [Report] C:\AdwCleaner[s1].txt ()

O4 - Startup: C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 09:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

[2013/04/20 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Laabs\Desktop\RK_Quarantine

[2013/04/17 14:48:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Laabs\Desktop\dds.com

[2013/04/16 15:05:29 | 000,000,000 | ---D | C] -- C:\Users\Laabs\AppData\Roaming\Malwarebytes

[2013/04/16 15:05:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/16 15:05:03 | 000,000,000 | ---D | C] -- C:\Users\Laabs\AppData\Local\Programs

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 09:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/21 09:14:41 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/21 09:12:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/21 09:12:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/21 09:10:59 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/21 09:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

[2013/04/20 21:31:13 | 000,000,216 | ---- | M] () -- C:\crp.vbs

[2013/04/20 20:46:58 | 000,613,083 | ---- | M] () -- C:\Users\Laabs\Desktop\adwcleaner.exe

[2013/04/20 20:11:34 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/20 20:11:34 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/20 20:11:34 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/20 20:10:06 | 000,791,040 | ---- | M] () -- C:\Users\Laabs\Desktop\RogueKillerX64.exe

[2013/04/17 14:48:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Laabs\Desktop\dds.com

[2013/04/16 15:05:17 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/11 03:33:43 | 000,377,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/11 03:32:34 | 002,458,653 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB

[2013/04/09 19:45:05 | 000,001,462 | ---- | M] () -- C:\Users\Laabs\.recently-used.xbel

[2013/04/09 19:21:04 | 002,488,118 | R--- | M] () -- C:\Users\Laabs\Desktop\DSC00544.JPG

[2013/04/09 08:23:36 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021

[2013/04/08 10:29:05 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLAABS-HP$.job

[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/03 03:21:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini

[2013/04/01 19:34:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaabs.job

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/20 21:31:13 | 000,000,216 | ---- | C] () -- C:\crp.vbs

[2013/04/20 20:48:24 | 000,613,083 | ---- | C] () -- C:\Users\Laabs\Desktop\adwcleaner.exe

[2013/04/20 20:20:41 | 000,791,040 | ---- | C] () -- C:\Users\Laabs\Desktop\RogueKillerX64.exe

[2013/04/16 15:05:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/09 19:45:05 | 000,001,462 | ---- | C] () -- C:\Users\Laabs\.recently-used.xbel

[2013/04/09 19:21:03 | 002,488,118 | R--- | C] () -- C:\Users\Laabs\Desktop\DSC00544.JPG

[2012/10/10 08:22:51 | 000,000,290 | ---- | C] () -- C:\ProgramData\SMRResults311.dat

[2012/04/25 14:55:09 | 000,000,106 | ---- | C] () -- C:\Users\Laabs\.gtk-bookmarks

[2011/09/18 13:38:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2011/07/08 14:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011/06/30 18:47:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/06/30 18:47:39 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/06/30 18:47:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/06/30 18:47:39 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/06/30 18:47:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/06/30 18:47:39 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/06/30 18:47:39 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/06/30 18:47:39 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/06/30 18:47:39 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/06/30 18:47:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/06/30 18:47:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/06/30 18:47:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/06/30 18:47:39 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/06/30 18:47:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/06/30 18:47:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/06/30 18:47:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/06/30 18:34:32 | 000,000,117 | ---- | C] () -- C:\Windows\EWF520.ini

[2011/06/07 18:49:49 | 005,943,296 | ---- | C] () -- C:\Windows\SysWow64\Bot.dll

[2011/06/07 18:49:49 | 000,000,101 | ---- | C] () -- C:\Windows\PSXLPR.INI

[2011/06/05 19:02:18 | 000,000,107 | ---- | C] () -- C:\Windows\ka.ini

[2011/06/05 15:20:48 | 000,000,277 | ---- | C] () -- C:\Windows\SysWow64\pserver.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/08 14:56:40 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Epson

[2012/03/05 15:51:38 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\GIRDAC

[2013/04/09 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\gtk-2.0

[2011/12/15 23:09:06 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\IrfanView

[2011/06/30 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Leadertech

[2012/05/11 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Petroglyph

[2012/12/24 09:11:28 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Philipp Winterberg

[2011/07/07 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\PhotoScape

[2011/09/17 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Serif

[2011/12/15 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Softland

[2012/03/05 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\SolidDocuments

[2013/02/03 10:20:28 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Strongvault

[2012/07/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\wargaming.net

[2011/09/26 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:346465CA

< End of report >

OTL Extras logfile created on: 4/21/2013 9:16:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laabs\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 84.52% Memory free

5.50 Gb Paging File | 5.08 Gb Available in Paging File | 92.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.46 Gb Total Space | 367.23 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Drive G: | 62.87 Mb Total Space | 41.20 Mb Free Space | 65.54% Space Free | Partition Type: FAT

Computer Name: LAABS-HP | User Name: Laabs | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility

"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility

"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility

"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility

"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0693EACA-D33B-43A3-9467-F6A9B60A2802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{0891A2CE-8D67-48B9-B025-D2D11354A272}" = lport=445 | protocol=6 | dir=in | app=system |

"{08926C15-AB62-4AC4-A61C-4A36309309EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{08C00BCA-8393-4326-8BAB-5E9C9B2E56AF}" = lport=137 | protocol=17 | dir=in | app=system |

"{1C1539EB-7C77-496C-AABD-C9ACEC9F00D8}" = lport=10243 | protocol=6 | dir=in | app=system |

"{1C8F5F73-0DDA-45B3-843F-284D9F00C1D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2D9017CB-3446-45C0-AAD8-84FFAC0C986F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{30728465-83D0-4322-A37A-EB333DC710EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{348F2B62-DE64-40BB-8A61-62BC480F5ED8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3AA52DDD-885F-438E-8CAE-A389E80C9FF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{455B3B58-4B2E-4427-ADE0-D9E3F4104C77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6164F34A-47CC-4F0B-8B0E-AE5B4F6841B1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{71403D6F-F0E8-4034-8DAF-C861AF2BC582}" = rport=139 | protocol=6 | dir=out | app=system |

"{8E46CC73-B4C9-4127-9D7A-13D7B03BF04F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{957FEB59-4AC3-49F9-9D69-373A361B389F}" = rport=445 | protocol=6 | dir=out | app=system |

"{99D981BB-66F5-4C7C-B6FB-6DF0E2CB5396}" = rport=138 | protocol=17 | dir=out | app=system |

"{ADE15299-8BFA-42E4-825C-59BB7A008E44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B44EE2CC-E0C8-431F-BA17-8AF12764CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BF9DD4B8-2D6E-4E2A-8772-B13FDB39DC78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C5B3AD57-5F8E-4AE8-BC42-F22CE01E2127}" = lport=139 | protocol=6 | dir=in | app=system |

"{C6BDFC20-DC0C-4E48-9CC8-8C273F879E17}" = lport=138 | protocol=17 | dir=in | app=system |

"{D12E7CA0-72BD-4663-9671-B8C38CF0B811}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E7B07E60-B414-4F1C-BBF4-D30EF6A01EBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{EB9F4216-3887-4EF3-9D2A-2AFFC808AF21}" = rport=137 | protocol=17 | dir=out | app=system |

"{F33EA90D-D99E-4715-B434-DB87771EA2AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06D7AB26-1FE3-410A-B8D5-0A1B9AC8B02E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0A1146F4-939E-4353-864D-3381C43CFC65}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{158CC9C5-84B7-4384-BCF5-99F9AB07DC7D}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |

"{1687FFF0-FF9F-4144-9067-398B5A813779}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{172DF329-6427-4147-9547-B5A764830E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{1A905DFC-D244-47B5-8354-DC566BE9A3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1CB6D2D4-B1DF-4EBE-B15F-A8DAA10134CD}" = protocol=6 | dir=in | app=c:\users\laabs\appdata\local\temp\7zs5305.tmp\symnrt.exe |

"{20917619-AC86-4446-83CB-0AC88F90AAD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{264E516A-CC62-44B9-812A-480C15AE69DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{2AC19040-FC73-4E49-8F1D-6D4D4249BFBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3253BC5E-D563-4862-BFE0-01B21366B1C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{34B1D31F-AF7C-4AED-BC8A-9851CA552397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34E55A01-9AC0-4021-8FD0-8A8C71A5C571}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{38B86140-97B9-447D-BFCA-E0D423B8A9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |

"{3EE685D7-E261-411D-9FE6-88924A5E1981}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{4CDB01CA-2918-4BC1-8882-51E6DA1A68DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4ECDBA8D-1E74-435B-AB03-9B9F244A46A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{528FC862-40F0-44FD-8F40-43CED020BFB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{552FC4CF-A8B5-4FF6-A952-6476B4FBB173}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

"{57216844-B585-427C-84C6-F1745A2EA41D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{5A0D2C43-2B51-4552-A69D-04DB64CC2DFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{5B29CF4E-697B-4DB8-B3C2-E442EB01BED5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5BB7AAD0-BDDF-43AD-B84D-C040D1096B08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{5D6203A4-3B3E-46A1-984C-192E5B04B110}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{5DD55EB5-8532-4DE8-ACA0-C5D38EE1AB73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5EFC03A5-F04B-443C-8F46-48982063395B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{60596C1B-198C-483D-86C6-AE6C6B6CCF31}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{619920D3-3E4F-43D6-B1C5-A1AA97C6E069}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{692B1684-9BF8-479E-9373-58747C2D671F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{6FD39077-BE23-43BB-ACBB-D1871D95F373}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{74D41D82-0DEB-4332-9966-74A9159AD0B1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{7A861A69-ADA4-4A82-94D8-49D4AB08AD8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{7AD27DFC-A98B-4331-BBC2-6783E48D5EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |

"{7C3BE289-A88A-4B87-99A6-8CC4D9774984}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{7F0A4BCD-D14A-4C79-A98B-12BD33B7EA7A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{7F75B415-377B-4BCD-8383-3B5FF18C0552}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{7FAC307E-9896-407E-9FEF-CF6E32457E9F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{8425587C-432D-419F-9B17-B9372BFE4ABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{86A0A51D-8653-4648-92DF-07FDAD096096}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{88BE9B2E-B128-42CD-B35E-9E08CA6EBCD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8B5AF3D8-26AA-4EC0-9DCE-0D4A80B32296}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{92D41597-51A4-4FDE-83DF-D1493C84E515}" = protocol=6 | dir=out | app=system |

"{952D9D10-A65C-4168-A167-8BA7A971F9C1}" = protocol=17 | dir=in | app=c:\users\laabs\appdata\local\temp\7zs5305.tmp\symnrt.exe |

"{95F7755F-DE98-4311-B378-D054A7F06649}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{9B0FCAB4-12FA-419A-9DB0-EDAA4D5E4D12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9F522FF1-2299-4850-B482-7CF0D417561D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A73F672F-85CF-4FEF-B040-0267E04B38DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{ACE490CD-F077-481D-B50F-362F88EA481B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AE62BBC8-0154-4007-9A8C-B0B5CA5C4037}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

"{B13F6401-6862-49B5-8EF3-FBB248B8468E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{B1EEAE40-9F34-422C-AE8F-68976CFC42AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B20959B2-6856-40A8-BB7D-142EE2FA79AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{B66645E6-FE09-4039-BD67-99C7D4F50F64}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{B962548D-DF51-44EB-BD59-A04CFD8B4237}" = protocol=58 | dir=in | app=system |

"{BEB4579D-6270-4FE8-9910-738A3F9C65EE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C180338C-1EB1-41E4-A188-7B29577D56B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C5DDDB22-69B0-47CE-8C58-923BA6AAA508}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CA228AEB-A007-4792-BFF7-7EB417491E07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CD0A909D-C955-4EDD-9E15-5EE985695E63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{CDFC1709-EBBF-4898-9549-247ABD773992}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{D26E9E4B-716A-43ED-8584-A25F996D52E4}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |

"{D2E49938-0D45-4F28-A9C5-6E351845C419}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{DD30B2A0-A6B7-412C-84B0-04C8119AF799}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{E1D3CF18-11BF-4650-96F3-750CBB75B46B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{E56D1C4B-22FF-427F-BAEF-13FE710A81EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{EEBFCD19-3E7B-4274-A1DB-F4AC46D61FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{F2CCE90B-6C82-4BF3-BC76-30F5F1D3B761}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F5F2CFD2-3FE3-4AAB-93B3-31D8D6DE7746}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F695707D-1604-479D-AECE-807954B4D9B3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"TCP Query User{170E8B06-1671-45FB-A496-9F948829F837}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{68D2FC3E-7C4C-466C-A73D-5F6AB78C741E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |

"TCP Query User{B39BCDD4-92AC-4E92-93CE-5E9BACAA9816}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |

"UDP Query User{3AA09CED-B389-40BC-AFD2-34BD29997944}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |

"UDP Query User{D67727A8-4BB0-437E-89B8-97514BE430DB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{E2A89C79-BEEC-4568-8621-780A6CA3EF36}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall

"GIRDAC Port" = GIRDAC Port

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"RealVNC_is1" = VNC Enterprise Edition E4.5.3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix

"{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio

"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup

"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup

"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption

"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101

"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A6D1A6E1-8A6B-4C49-8FF5-2AFEDFBFE4FA}" = Star Wars Empire at War Forces of Corruption Demo

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B16CC6D4-F1FB-4BA2-9E8C-66F693AC9E7A}" = Cabela`s Outdoor Adventures

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"ATT-SST" = AT&T Troubleshoot & Resolve Tool

"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1

"Free RAR Extract Frog" = Free RAR Extract Frog

"GIRDAC Free PDF Creator" = GIRDAC Free PDF Creator

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"My HP Game Console" = HP Game Console

"N360" = Norton 360

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PDF Complete" = PDF Complete Corporate Edition

"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.7

"PrintServer Utilities" = PrintServer Utilities

"RealPlayer 16.0" = RealPlayer

"Republic at War 1.1" = Republic at War 1.1

"Trophy Hunter 2003_is1" = Trophy Hunter 2003 - Rocky Mountain Adventures

"WildTangent hp Master Uninstall" = HP Games

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089299" = Mystery P.I. - The London Caper

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"Yahoo! Companion" = att.net Toolbar

"Yahoo! Mail" = att.net Internet Mail

"Yahoo! Software Update" = Yahoo! Software Update

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Laabs

"SOE-Clone Wars" = Clone Wars

"SOE-Free Realms" = Free Realms

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 470187

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 470187

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 485787

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 485787

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 500654

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 500654

Error - 4/17/2013 4:16:38 PM | Computer Name = Laabs-HP | Source = RasClient | ID = 20227

Description =

[ Hewlett-Packard Events ]

Error - 8/6/2012 3:28:30 PM | Computer Name = Laabs-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/23adf72c_dd8c_4566_8348_50eb35cdffcd/jb+wwgrwh_+sbksyh6q_yoxp_15.rem'

has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 2815 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/26/2012 11:42:50 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/27/2012 12:12:49 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/27/2012 4:00:29 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/27/2012 12:00:03 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/27/2012 8:24:27 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

[ System Events ]

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:59 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:08 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:13 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:13 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

< End of report >

[Computer doesn't even work out of safe mode]

# AdwCleaner v2.200 - Logfile created 04/20/2013 at 21:40:42

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Laabs - LAABS-HP

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Laabs\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Laabs\AppData\Local\blekkotb

Folder Deleted : C:\Users\Laabs\AppData\Local\Conduit

Folder Deleted : C:\Users\Laabs\AppData\Local\Coupon Companion Plugin

Folder Deleted : C:\Users\Laabs\AppData\Local\PackageAware

Folder Deleted : C:\Users\Laabs\AppData\Local\TempDir

Folder Deleted : C:\Users\Laabs\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Laabs\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Laabs\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Somoto

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5709 octets] - [20/04/2013 20:48:55]

AdwCleaner[R2].txt - [5722 octets] - [20/04/2013 21:40:28]

AdwCleaner[s1].txt - [5016 octets] - [20/04/2013 21:40:42]

########## EOF - C:\AdwCleaner[s1].txt - [5076 octets] ##########

[Computer doesn't even work out of safe mode]

Thanks so much for helping me. My kids are driving me nuts! "Is the computer fixed yet? Is it?!"

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Laabs [Admin rights]

Mode : Scan -- Date : 04/20/2013 20:22:08

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging (C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe) [7] -> FOUND

[sTARTUP][sUSP PATH] StrongVaultApp.exe.lnk @Common : C:\Users\Laabs\AppData\Local\StrongVault\StrongVaultApp.exe [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++

--- User ---

[MBR] f8b8fc7cf168c1322a9eeccbd5db935e

[bSP] 6518f3cdc2f87b85f4b61d45567fbb64 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463320 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949086208 | Size: 13518 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 87491acbd5b4bfeba8e9a1265ae79306

[bSP] e59807d88bb77f070731e3d05f2e1d27 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

+++++ PhysicalDrive2: USB Flash Disk USB Device +++++

--- User ---

[MBR] 1e63fa39bccc1a5b8e85f116c6e04d76

[bSP] c31aaa6f4059f425d49131ed63a22470 : Empty MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 63 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_04202013_02d2022.txt >>

RKreport[1]_S_04202013_02d2022.txt

[Computer doesn't even work out of safe mode]

I believe it's the PUP Installer virus that Malwarebytes didn't completely remove. These were run in Safe Mode...hope that's okay.

Thanks in advance to anyone who can help me!

Cherie

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16476

Run by Laabs at 15:02:57 on 2013-04-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2384 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>

uURLSearchHooks: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - <orphaned>

uURLSearchHooks: <No Name>: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\2.bin\u4SrcAs.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Toolbar BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\2.bin\u4SrcAs.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

TB: Guffins: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uRun: [WorkForce 520(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_SDC4A.tmp" /EF "HKCU"

uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Guffins Search Scope Monitor] "C:\PROGRA~2\Guffins\bar\2.bin\u4srchmn.exe" /m=2 /w /h

mRun: [Guffins Browser Plugin Loader] C:\PROGRA~2\Guffins\bar\2.bin\u4brmon.exe

StartupFolder: C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Laabs\AppData\Local\StrongVault\StrongVaultApp.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-10 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-10 38016]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys [2013-4-8 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys [2013-4-8 1139800]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38456]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]

S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys [2013-4-8 168096]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSviA64.sys [2013-4-12 513184]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys [2013-4-8 224416]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-4-8 432800]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-10 203264]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-30 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-30 128512]

S2 GuffinsService;GuffinsService;C:\PROGRA~2\Guffins\bar\2.bin\u4barsvc.exe [2013-2-24 42504]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe [2013-4-8 144520]

S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-3-9 369152]

S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-3-9 460288]

S2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-3-9 342528]

S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-19 818200]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-10 349800]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-7 1255736]

.

=============== Created Last 30 ================

.

2013-04-16 20:05:29 -------- d-----w- C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 20:05:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-16 20:05:17 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-16 20:05:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 20:05:03 -------- d-----w- C:\Users\Laabs\AppData\Local\Programs

2013-04-10 12:54:42 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-08 23:40:28 796248 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtsp64.sys

2013-04-08 23:40:28 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys

2013-04-08 23:40:28 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys

2013-04-08 23:40:28 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtspx64.sys

2013-04-08 23:40:28 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1403010.016\symelam.sys

2013-04-08 23:40:28 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys

2013-04-08 23:40:28 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys

2013-04-08 23:40:27 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys

2013-04-08 23:39:17 -------- d-----w- C:\Windows\System32\drivers\N360x64\1403010.016

2013-03-26 12:25:59 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-12 22:12:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 22:12:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-24 19:04:53 178552 ----a-w- C:\Program Files (x86)\u4res.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-03 15:25:36 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-02-03 15:25:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

.

============= FINISH: 15:04:05.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/5/2011 1:46:32 PM

System Uptime: 4/17/2013 3:01:51 PM (0 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 367.46 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.624 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe FE Family Controller

Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050

Manufacturer: Realtek

Name: Realtek PCIe FE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050

Service: RTL8167

.

==== System Restore Points ===================

.

RP195: 4/7/2013 5:09:49 PM - Scheduled Checkpoint

RP196: 4/11/2013 3:00:47 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.6)

Agatha Christie - Peril at End House

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Troubleshoot & Resolve Tool

ATI Catalyst Install Manager

att.net Internet Mail

att.net Toolbar

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Blio

Bonjour

Bounce Symphony

Build-a-lot 2

Cabela`s Outdoor Adventures

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Chuzzle Deluxe 1.01

Clone Wars

Coupon Companion Plugin

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

DVD Menu Pack for HP MediaSmart Video

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 520 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

Escape Rosecliff Island

Farm Frenzy

FATE

Final Drive Nitro

Free M4a to MP3 Converter 7.1

Free RAR Extract Frog

Free Realms

GIMP 2.6.11

GIRDAC Free PDF Creator

GIRDAC Port

Guffins Toolbar

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

iTunes

Jewel Quest Solitaire 2

JumpStart World Presents Pet Playground

Junk Mail filter update

Kobo

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Mystery P.I. - The London Caper

Norton 360

Norton Online Backup

PDF Complete Corporate Edition

Penguins!

PhotoNow!

Pirate101

Pivot Stickfigure Animator version 2.2.7

Plants vs. Zombies

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PressReader

PrintServer Utilities

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery Manager

Republic at War 1.1

ROBLOX Player for Laabs

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Serif PagePlus Starter Edition

Skype™ 5.10

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Empire at War Forces of Corruption Demo

Strongvault Online Backup

Trophy Hunter 2003 - Rocky Mountain Adventures

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Virtual Families

Virtual Villagers 4 - The Tree of Life

VNC Enterprise Edition E4.5.3

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

World of Tanks

Yahoo! Software Update

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

4/17/2013 3:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/17/2013 3:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/17/2013 3:02:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/17/2013 3:02:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/17/2013 3:02:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

4/17/2013 3:02:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/17/2013 2:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

4/17/2013 2:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/16/2013 8:54:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

4/16/2013 8:32:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

4/16/2013 8:14:56 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/16/2013 8:12:51 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.

4/16/2013 8:10:46 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/16/2013 8:10:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

4/16/2013 8:09:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

4/16/2013 8:09:14 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/16/2013 6:00:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:45:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/16/2013 2:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/16/2013 2:42:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/15/2013 6:34:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/14/2013 5:41:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

4/14/2013 5:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

4/14/2013 5:36:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

4/14/2013 5:35:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

4/11/2013 3:33:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8002583060, 0xfffff80000b9c518, 0xfffffa8006fb8490). A dump was saved in: C:\Windows\Minidump\041113-80324-01.dmp. Report Id: 041113-80324-01.

.

==== End Of File ===========================