Jump to content

Search the Community

Showing results for tags 'searchnu.com'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 3 results

  1. hey, I was wondering if anyone could help me get rid of searchnu.com? Many thanks, Clemency
  2. Hey Everyone, OK, this morning I realized that my fiance's computer's Firefox homepage was directed to searchnu.com/406. First I searched for newly-installed applications, hoping that simple uninstallation would solve the issue. Unfortunately, I could not find any new applications, and she does not remember installing anything new in the last few days. Next we tried a system restore, but the computer keeps failing to successfully restore to a previous state. After more online research, I found this (http://forums.malwar...howtopic=107847) thread. I did the instructions per Maniac, and my OTL and Extras files are listed below, as instructed (I had to split them up because my post was too long). If you guys could provide any help, I'd very much appreciate it. Thank you so very much for your time. OTL logfile created on: 4/19/2012 8:07:33 AM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\kristen\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.90% Memory free 7.50 Gb Paging File | 4.52 Gb Available in Paging File | 60.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.34 Gb Total Space | 749.84 Gb Free Space | 81.65% Space Free | Partition Type: NTFS Drive D: | 13.07 Gb Total Space | 1.60 Gb Free Space | 12.26% Space Free | Partition Type: NTFS Computer Name: KRISTEN-HP | User Name: kristen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012/04/19 08:06:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\kristen\Downloads\OTL.exe PRC - [2012/04/05 23:24:24 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012/03/25 02:40:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe PRC - [2010/02/11 13:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE PRC - [2010/01/21 08:58:04 | 000,025,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe PRC - [2010/01/21 08:57:38 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/11/24 20:26:32 | 000,393,216 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2009/11/17 20:45:20 | 000,212,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe PRC - [2009/10/02 17:11:50 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/11/02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 03:41:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll MOD - [2012/04/12 03:41:45 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\486a0c233b3aa834e8cca53ed355bf1c\ReachFramework.ni.dll MOD - [2012/04/12 03:41:42 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll MOD - [2012/04/12 03:41:30 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll MOD - [2012/04/12 03:41:23 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll MOD - [2012/04/12 03:41:18 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll MOD - [2012/04/05 23:24:24 | 001,969,112 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012/04/05 23:24:24 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012/04/05 23:24:24 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2012/03/25 02:40:05 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/02/17 04:46:05 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll MOD - [2012/02/17 04:46:02 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44d15a5bcd3143d53fd67b871c728616\System.IdentityModel.ni.dll MOD - [2012/02/17 04:46:01 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll MOD - [2012/02/17 04:45:59 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3623247db0c19cd14589e6f4d6cfb290\System.ServiceModel.ni.dll MOD - [2012/02/17 04:45:59 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb46ff3a7098925dd3f0552901668735\SMDiagnostics.ni.dll MOD - [2012/02/17 04:38:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll MOD - [2012/02/17 04:38:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll MOD - [2012/02/17 04:38:39 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll MOD - [2012/02/17 04:38:18 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012/02/17 04:38:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll MOD - [2012/02/17 04:37:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll MOD - [2012/02/17 04:37:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll MOD - [2012/02/17 04:37:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll MOD - [2011/12/07 13:17:17 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011/10/13 03:43:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2010/12/07 14:52:55 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/02/07 11:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll MOD - [2007/11/02 15:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPUsageTracking.dll MOD - [2007/11/02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe MOD - [2007/11/02 15:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPToolkit.dll MOD - [2007/11/02 15:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\Enumeration.dll MOD - [2007/11/02 15:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPTools.dll MOD - [2007/11/02 15:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPStreamsInterface.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/02/03 03:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/07/15 02:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS) SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service) SRV - [2010/01/21 08:57:38 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv) DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/08/04 15:15:16 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter) DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP) DRV:64bit: - [2010/12/01 13:50:13 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/02/09 02:41:26 | 001,212,160 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2) DRV:64bit: - [2010/02/05 15:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/02/05 15:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/02/03 03:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/02/03 02:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/09/17 13:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2009/09/17 13:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950) DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS) DRV:64bit: - [2009/07/20 03:44:04 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/17 22:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2012/04/02 19:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120418.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/03/04 11:52:52 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120418.032\EX64.SYS -- (NAVEX15) DRV - [2012/03/04 11:52:52 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120418.032\ENG64.SYS -- (NAVENG) DRV - [2012/02/03 23:10:43 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/02/03 23:10:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/06/02 21:15:55 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/06/02 21:15:55 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/25 08:27:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/04/12 03:36:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/25 02:40:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/02 08:46:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/22 11:20:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/06 11:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Extensions [2011/03/02 15:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/04/06 11:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions [2012/02/01 19:04:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/04/29 10:51:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012/02/01 19:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\trash [2012/04/06 11:08:47 | 000,002,519 | ---- | M] () -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\searchplugins\Search_Results.xml [2012/04/06 11:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/22 22:59:46 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/25 02:40:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/12/29 12:27:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/02/22 17:32:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/06 11:08:47 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/02/22 17:32:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\kristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe () O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveStream Broadcaster.lnk = C:\Program Files (x86)\LiveStream\Broadcaster\LiveStreamBroadcaster.exe (LiveStream LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab (EZTwainX by Dosadi) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE66C2CE-9040-4285-9E01-1B5395F5E5EF}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA608F66-E8AC-4ABD-ADDD-B908A57EA1BF}: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2012/04/16 12:40:56 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{8EAD2BC3-60F1-4544-9007-654B2055203B} [2012/04/13 19:08:06 | 000,000,000 | ---D | C] -- C:\b3305445a404f5217782baca [2012/04/12 03:08:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/04/12 03:08:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/04/12 03:08:35 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/04/12 03:08:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/04/12 03:08:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/04/12 03:08:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/04/12 03:08:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/04/12 03:08:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/04/12 03:08:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/04/12 03:08:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/04/12 03:08:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/04/12 03:07:46 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/04/12 03:07:45 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/04/12 03:07:44 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/04/12 03:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/04/12 03:02:52 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/04/12 03:02:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/04/06 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\Ilivid Player [2012/04/06 11:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/04/03 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{68BC5610-3EDA-48CA-A925-5D717A9495D2} [2012/03/28 15:09:34 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{A85BCE18-8B26-4E4A-96FE-1CF4CC53F76D} [2012/03/28 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{8458F2A1-432E-4FA0-84E6-A38357C6CDD8} [2012/03/26 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{00386579-3B0C-4AD6-97F2-527A1986D865} [2012/03/26 14:32:35 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{F171D355-9872-430B-AD26-DEEA8167367B} [2012/03/26 14:25:14 | 000,000,000 | ---D | C] -- C:\Users\kristen\Desktop\Taylor [2012/03/25 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\kristen\Documents\Wedding [2012/03/20 15:28:21 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{EE3F92D0-972D-438E-AEF6-87FFBCDEA3F9} [2012/03/20 15:28:09 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{3028230E-4073-49D5-BABE-F0DC6FB0DFC4} [2012/03/19 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{004A6924-35A2-42F3-A101-3253477B84F6} [2012/03/19 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{FFEFA4EB-7134-46B2-877E-261311A58723} [2012/03/13 22:55:33 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/03/13 22:55:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012/03/13 22:55:32 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012/03/13 22:55:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012/03/13 22:55:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012/03/13 22:55:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/03/13 22:55:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/03/13 22:55:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/03/13 22:54:59 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/03/13 22:54:59 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/03/13 09:29:08 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{221C8BA7-4315-444C-B117-7C1E2CC76E67} [2012/03/13 09:28:56 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{67E3EFA9-0721-47B5-A37A-33026D482DC8} [2012/02/23 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{91547B61-10BE-448D-863B-E37804B5D7B1} [2012/02/23 16:27:58 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{40C61AF1-48D9-42FB-8084-080E7A9AFB62} [2012/02/23 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{EBBC4B59-F870-4AA4-8ADD-E64130A59CE2} [2012/02/23 12:59:05 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{AD7B4405-CEAC-42D2-9A72-4878DE58DF0F} ========== Files - Modified Within 60 Days ========== [2012/04/19 08:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/19 01:18:54 | 000,003,900 | ---- | M] () -- C:\Windows\mozy.blk [2012/04/19 01:18:54 | 000,003,612 | ---- | M] () -- C:\Windows\mozy.flt [2012/04/18 22:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/17 21:00:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/17 21:00:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/17 17:56:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkristen.job [2012/04/14 00:08:08 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/12 03:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/12 03:35:39 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2012/04/12 03:14:41 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/12 03:14:41 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/12 03:14:41 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/05 00:15:00 | 000,038,881 | ---- | M] () -- C:\Users\kristen\Documents\index.html [2012/03/14 03:24:58 | 000,486,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/06 02:43:21 | 005,504,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/03/06 01:59:41 | 003,958,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/03/06 01:59:41 | 003,902,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/03/01 02:45:41 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/03/01 02:40:14 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/02/28 15:06:51 | 000,002,116 | ---- | M] () -- C:\Users\kristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/02/28 13:45:39 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2012/02/28 02:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/28 02:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/28 02:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/28 02:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/28 02:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/28 02:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/27 21:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/27 21:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/27 21:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/27 21:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/27 20:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/22 17:32:35 | 000,002,050 | ---- | M] () -- C:\Users\kristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/04/05 00:14:59 | 000,038,881 | ---- | C] () -- C:\Users\kristen\Documents\index.html [2011/09/13 11:20:58 | 000,007,602 | ---- | C] () -- C:\Users\kristen\AppData\Local\Resmon.ResmonCfg [2011/03/31 12:19:47 | 000,011,264 | ---- | C] () -- C:\Users\kristen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/02 21:29:13 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/06/02 21:02:54 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2010/06/02 20:45:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > Below is the "Extras" file. I had to put it in a new reply in order to keep my post short enough to be published. OTL Extras logfile created on: 4/19/2012 8:07:33 AM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\kristen\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.90% Memory free 7.50 Gb Paging File | 4.52 Gb Available in Paging File | 60.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.34 Gb Total Space | 749.84 Gb Free Space | 81.65% Space Free | Partition Type: NTFS Drive D: | 13.07 Gb Total Space | 1.60 Gb Free Space | 12.26% Space Free | Partition Type: NTFS Computer Name: KRISTEN-HP | User Name: kristen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{50BFFD84-1328-83A2-B9D9-7D4C6ED0B0CA}" = MozyHome "{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager "{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "PC-Doctor for Windows" = Hardware Diagnostic Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam "{053BC793-EB2F-48B6-AB61-6B76CCCCB041}" = HP TouchSmart Clock "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy "{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11070051-3806-4F34-8F1D-A7874ADC296C}" = HP TouchSmart Paint it! by Corel - Core "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0 "{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30 "{2752631F-ABA9-4B43-A7E2-35C03512AAE3}" = HP TouchSmart Canvas "{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai "{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German "{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish "{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3C19AEEC-7779-4FA5-A1DA-AEB93E674294}" = Corel Paint it! touch - IPM "{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5932A032-0BD3-4EEA-9FC3-5E4C98B770C5}" = HP TouchSmart Paint it! by Corel - Langauge "{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian "{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese "{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver "{5CBE8F58-049D-49FE-B4E3-A23CF3194771}" = HP TouchSmart Paint it! by Corel - Langauge "{5F10FEF8-0538-4BB7-9020-E553C85427E9}" = HP TouchSmart "{5F19F53C-4BC1-4A03-915A-88C4B2753226}" = HP TouchSmart Link "{63B1242A-6111-489E-B2DF-7167AD35B229}" = HP TouchSmart Notes "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP TouchSmart Live TV "{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel - ICA "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista "{766486B3-441B-4376-A5F8-0AE2E4BDFB3C}" = HP TouchSmart Paint it! by Corel - Langauge "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77B559D7-CBF8-43FE-90BB-BDB6A30E9B61}" = HP TouchSmart Paint it! by Corel - Langauge "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore "{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light "{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials "{864BC409-6229-452C-B1FD-FA960D13F824}" = HP TouchSmart Paint it! by Corel - Langauge "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABFD25DE-AA93-43AB-BF49-E21EFF8D5812}" = HP TouchSmart Twitter "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static "{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B770307B-2E7E-4BAD-BF75-1511A76AD277}" = HP TouchSmart Paint it! by Corel - Content "{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{BF6B7982-9189-4765-9DD3-039CE6D69C0C}" = Buttons & OSDs control application gen3 "{BFA6DE67-F8EF-427B-B962-D03ADAF56734}" = HP TouchSmart Paint it! by Corel - Langauge "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C80F3135-2B60-4153-B4F1-9B6F67F055B1}" = HP TouchSmart RecipeBox "{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian "{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1FD99EF-7312-426E-A9BD-92ECD2093B4A}" = HP TouchSmart Paint it! by Corel - Langauge "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean "{EE170B45-E070-42A9-90FB-3525F9D3F18F}" = HP TouchSmart Calendar "{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian "{F33B9785-B646-4564-849B-BEE3A1700694}" = HP TouchSmart Paint it! by Corel - Langauge "{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts "{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup "{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing "{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare "{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation "{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch "{F9A36074-25AD-4F2E-969E-AEDF452DC57B}" = HP TouchSmart Paint it! by Corel - Langauge "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video "{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12 "AVerMedia MiniCard Hybrid TV Tuner" = AVerMedia MiniCard Hybrid TV Tuner 1.1.64.55 "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "FastStone Image Viewer" = FastStone Image Viewer 4.2 "FileZilla Client" = FileZilla Client 3.3.5.1 "Google Chrome" = Google Chrome "HP Keyboard_is1" = HP Desktop Keyboard "HP Remote Solution" = HP Remote Solution "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP TouchSmart Live TV "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video "LiveStream Broadcaster" = LiveStream Broadcaster (remove only) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US) "My HP Game Console" = HP Game Console "NIS" = Norton Internet Security "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PosteRazor_is1" = PosteRazor "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WT082124" = Blasterball 3 "WT082125" = Bob the Builder Can-Do-Zoo "WT082133" = Dora's Carnival Adventure "WT082141" = FATE "WT082168" = Penguins! "WT082170" = Plants vs. Zombies "WT082172" = Polar Bowler "WT082173" = Polar Golfer "WT082192" = Bejeweled 2 Deluxe "WT082200" = Chuzzle Deluxe "WT082241" = Virtual Villagers - The Secret City "WT082396" = Diner Dash 2 Restaurant Rescue "WT082427" = Slingo Deluxe "WT082432" = Ancient Hearts "WT082433" = Bookworm Adventures "WT082438" = Build-a-lot 2 "WT082441" = Dora's World Adventure "WT082443" = Jewel Quest 3 "WT082447" = Mah Jong Medley "WT082458" = Tradewinds Legends "WT082463" = Zuma's Revenge "WT082468" = Jewel Quest Solitaire 2 "WT083472" = Airport Mania "WT083473" = Bounce Symphony "WT083489" = JoJo's Fashion Show "WT083490" = Skip-Bo - Castaway Caper "WT083491" = TextTwist 2 "WT083697" = Build-a-lot "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HuluDesktop" = Hulu Desktop ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/16/2011 12:39:04 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x16b8 Faulting application start time: 0x01cca419a8eeccda Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: e9160d9e-100c-11e1-9967-7071bc54499c Error - 11/27/2011 12:44:40 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 10.2.152.32, time stamp: 0x4d648f0d Exception code: 0xc0000005 Fault offset: 0x00178b6a Faulting process id: 0x1738 Faulting application start time: 0x01ccac8541313855 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: 84043d80-18b2-11e1-bd20-7071bc54499c Error - 12/2/2011 1:58:27 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 10.2.152.32, time stamp: 0x4d648f0d Exception code: 0xc0000005 Fault offset: 0x00178b6a Faulting process id: 0xce8 Faulting application start time: 0x01ccafa0ef5ece3e Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: a6cbe90d-1caa-11e1-8df0-7071bc54499c Error - 12/4/2011 6:06:18 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: FlipShare.exe, version: 5.0.5.52727, time stamp: 0x4b05a1b8 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xe8c833e4 Faulting process id: 0x16d8 Faulting application start time: 0x01ccb2cb0a02287e Faulting application path: C:\Program Files (x86)\Flip Video\FlipShare\FlipShare.exe Faulting module path: unknown Report Id: 30b51495-1ec4-11e1-8df0-7071bc54499c Error - 12/25/2011 12:59:48 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce Exception code: 0xc0000005 Fault offset: 0x00198824 Faulting process id: 0xfb4 Faulting application start time: 0x01ccc1aaf89d0580 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: da11ed49-2f19-11e1-993c-7071bc54499c Error - 1/5/2012 1:25:19 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x1e94 Faulting application start time: 0x01cccbcefb2d0297 Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: 3cfde344-37c2-11e1-8ec2-7071bc54499c Error - 2/1/2012 7:06:32 PM | Computer Name = kristen-HP | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 9.0.1.4371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2368 Start Time: 01cce135c14c80ff Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 5815d822-4d29-11e1-ac46-7071bc54499c Error - 2/1/2012 7:08:01 PM | Computer Name = kristen-HP | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 9.0.1.4371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 216c Start Time: 01cce1362a7d264a Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 92f454df-4d29-11e1-ac46-7071bc54499c Error - 2/4/2012 8:46:36 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x988 Faulting application start time: 0x01cce39f98b3594d Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: daac2c92-4f92-11e1-ac46-7071bc54499c Error - 2/13/2012 1:37:57 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371, time stamp: 0x4ef15e07 Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce Exception code: 0xc0000005 Fault offset: 0x00198824 Faulting process id: 0x1e5c Faulting application start time: 0x01cce21b22f141b6 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: 770ab19a-5669-11e1-ac46-7071bc54499c [ Hewlett-Packard Events ] Error - 3/9/2012 12:32:26 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:32:47 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:33:04 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:33:28 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:34:01 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:35:00 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:35:54 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:36:34 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/10/2012 1:54:17 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/10/2012 1:54:26 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 3/25/2012 2:37:08 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 3/25/2012 2:38:53 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect. Error - 3/25/2012 2:38:53 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7000 Description = The HP Support Assistant Service service failed to start due to the following error: %%1053 Error - 4/11/2012 1:35:48 PM | Computer Name = kristen-HP | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE66C2CE-9040-4285-9E01-1B5395F5E5EF} because another computer on the network has the same name. The server could not start. Error - 4/12/2012 3:00:24 AM | Computer Name = kristen-HP | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE66C2CE-9040-4285-9E01-1B5395F5E5EF} because another computer on the network has the same name. The server could not start. Error - 4/12/2012 3:36:26 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7023 Description = The Server service terminated with the following error: %%14 Error - 4/16/2012 12:20:07 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/17/2012 7:57:51 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/18/2012 9:33:24 PM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/19/2012 12:27:11 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. < End of report >
  3. Well logged into my girlfriend's laptop today and behold the virus magnet that she is had managed to contract this redirect as her homepage, I've been searching now to rid the issue but to no avail. I attempted to run the OTL.exe file to extract the needed logs that I noticed are needed but have hit a hangup when it tries to scan the modules which leads the program to be unresponsive. I am at a standstill at this point and have not gotten anywhere with any anti-virus i have ran. Would really appreciate any help that I can get at this point... Thanks in advance, --Dalton
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.