Jump to content

Search the Community

Showing results for tags 'searchnu'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 20 results

  1. There was a file that I downloaded onto my PC that ended up on my list of Programs - it's called "Zip Extractor Packages," and clicking on it also installed some known malware programs. I'm not sure if it's a virus, malware, a benign or dangerous PUP or something else, but since there are only a few dozen Google hits on this, I'm wondering if it's brand new, what its effects are, and how to fully remove any remnants of it. Unfortunately I don't have a copy or screen shot to attach, since my PC went to Geek Squad and they said all malware/viruses were removed. But since it may be a brand new malware or a dangerous PUP, I'm hoping someone can investigate what it is. (I posted a request for help on the "Malwarebytes Anti-Malware Help" forum here - they didn't know what it was, and said I should post in Newest Malware Threats, which I did. Since the moderator who replied there said he couldnt find it at the link I gave below, he suggested I post here and let him know what I hear. My Geek Squad guy suggested I post in Tom's Hardware, but I got no reply there) I believe I downloaded it based on a link from the moderator of MalwareTips.com that said it was a link for RogueKiller. Unless the link was changed from a few days ago, I believe the link was listed as this: RogueKiller Download Link: http://tigzy.geekstogo.com/roguekiller.php (FYI. Someone at the Malwarebytes forum said they tried this link & Zip Extractor Packages wasn't there - since I no longer had the program or any screenshots, they said they weren't able to investigate it) Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com" I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. When I tried to uninstall, it said it may have been removed... and then a NEW program appeared on the list - Sweetpacks. I went back to another help page on the site and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link unless you have a way to safely download and examine it - it's listed there as " "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php") Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Though Geek Squad says they found my hardware was clean, and say they cleaned everything, my concern is that this "Zip Extractor Packages" is so new that there may still be something on the pc, even if they tell me it's ok, since this thing may still be unknown or unanalyzed. Anyone know about this malware/PUP, or can anyone report it to whoever these things get reported to so it can be fixed? A friend in IT said antivirus/malware co's usually have 30 days after IDing a new item to come up with a solution, and with only a few dozen Google page hits on this thing the last time I checked, I'm afraid I may be Ground Zero with a new virus or malware or dangerous PUP. And a few related things it may have affected: --My Geek Squad rep said the AVI, MP3 and Word cocs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --my Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers) Thanks, Jeff
  2. I have malware on my system called "Zip Extractor Packages" but since there are only a few dozen Google hits on this, I'm wondering if it's brand new and how to remove it. I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com" I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another" - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. (When I tried to uninstall, it said it may have been removed) and then a NEW program appeared on the list - Sweetpacks) I went back to the site (this time http://malwaretips.com/blogs/remove-sweetpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link, listed there as " "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php") Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Right now my pc is with the Geek Squad - they've found my hardware is clean and are now checking my data -- but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the pc, even if they tell me it's ok, since it may still be unknown or unanalyzed. Anyone know about this malware, or can report it to whoever these things get reported to so it can be fixed? And a few related things some of this malware may have affected: --My Geek Squad rep said the AVI, MP3 and Word cocs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --my Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers) --Also: I never got an emailed reply or post accepted to MalwareTips.com, but i did get an increase in spam to the email address I submitted with my post Thanks! Jeff
  3. I have updated removed and reinstalled mbam pro. I am unable to have it detect any virus/maleware for months now I am now infected by v9 ad.yieldmanager and searchnu I don't want to take advice from google anymore and go deeper into the rabbit hole. Win7 Ultimate 64 bit Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.21.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John McGlaughlin :: DEVELOPMENT [administrator] Protection: Enabled 1/21/2013 2:22:44 PM mbam-log-2013-01-21 (14-22-44).txt Scan type: Full scan (B:\|C:\|D:\|G:\|M:\|P:\|T:\|U:\|V:\|W:\|Z:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 649548 Time elapsed: 49 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. Hey guys, I have tried everything possible to get rid of a redirect and error 105 problem which I believe is being caused by SearchNu and Partner37 malware. I had used malwarebytes, ESET online scanner, Spybot-Search and Destroy and they had all found something and removed it, but the error 105 and redirect still happens. After rescanning even on safe mode none of the scanners show signs of any malware, however the error 105 still appears with searchnu in the URL address bar. Also, the really odd thing is, the internet on my other machines have also been going slow, is it possible this virus or malware could have infected my wifi router? Not sure if this is relevant but the other devices on the same network are a macbook, iphone, ipad and samsung galaxy. I'm fairly new at this so any help in removing this would be highly appreciated!! Thanks so much! Attach.txt DDS.txt
  5. Hi, So two or three days ago I was infected by the searchnu redirect virus. I found instructions and removed it manually, though I don't think I did a complete and thorough job, because now my connection has ground to a near halt and my laptop sounds like it's running in overdrive. I've run Malwarebytes with no luck, and McAfee is also not picking up a thing. I've pasted my OTL report below, and attached my OTL Extras file and DDS and Attach files because the forum told me my post was too long to paste more in. Could somebody kindly take a look and see if you can spot what's going on? Many thanks! OTL logfile created on: 9/10/2012 10:59:55 AM - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\pwtucker\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.67 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 52.30% Memory free 7.34 Gb Paging File | 4.74 Gb Available in Paging File | 64.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.77 Gb Total Space | 21.98 Gb Free Space | 7.64% Space Free | Partition Type: NTFS Computer Name: PWTUCKER-VAIO | User Name: pwtucker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/10 10:58:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\pwtucker\Downloads\OTL.exe PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\pwtucker\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe PRC - [2010/05/28 16:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/05/28 16:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll MOD - [2012/08/29 22:58:44 | 012,237,336 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll MOD - [2012/08/29 22:57:27 | 000,526,872 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll MOD - [2012/08/29 22:57:26 | 000,104,984 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011/09/23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService) SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2010/08/10 22:02:42 | 000,154,776 | ---- | M] (Citrix Systems, Inc) [Disabled | Stopped] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl) SRV:64bit: - [2010/06/21 21:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV:64bit: - [2010/06/09 18:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV:64bit: - [2010/06/09 18:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV:64bit: - [2010/06/09 18:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2010/06/07 01:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/09 09:29:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/26 10:04:36 | 000,071,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Remote Access Host\RemotePCM.exe -- (remotepc) SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/09/20 04:27:20 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe -- (MOBK755backup) SRV - [2010/06/21 00:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010/06/21 00:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010/06/18 10:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010/06/17 15:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010/06/01 06:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010/05/31 22:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010/05/28 16:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/05/28 16:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/26 10:04:56 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2) DRV:64bit: - [2012/03/26 10:04:46 | 000,011,368 | ---- | M] (Pro Softnet Crop provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RemotePCmirror.sys -- (RemotePCmirror) DRV:64bit: - [2012/03/07 14:31:08 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5) DRV:64bit: - [2012/03/07 14:31:08 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4) DRV:64bit: - [2012/03/07 14:31:08 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3) DRV:64bit: - [2012/03/07 14:31:08 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2) DRV:64bit: - [2012/03/07 14:31:08 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/04/13 15:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/01/07 16:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/20 04:27:12 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK755.sys -- (MOBK755Filter) DRV:64bit: - [2010/08/26 05:19:38 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/08/26 05:16:50 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/08/10 22:03:34 | 000,045,720 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctxva51.sys -- (ctxva51) DRV:64bit: - [2010/08/04 14:31:44 | 000,096,384 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys -- (cag) DRV:64bit: - [2010/06/24 16:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/06/23 16:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010/06/23 16:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010/05/31 17:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010/05/31 17:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010/05/31 17:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/05/28 16:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/05/28 16:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{56E282EB-B262-453F-A858-400641E13420}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_en IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNNT_en IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\SearchScopes\{9D58DFFE-4B5C-4F9E-AA29-169C816409F1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WBG&o=15136&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RS&apn_dtid=YYYYYYYYUS&apn_uid=10A10F6B-4763-453F-A743-F7B75B221A98&apn_sauid=D82444E1-DF49-4C4D-B5DC-9F47D5F250FE IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-297457635-499220282-3771320470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=418&systemid=406&sr=0&q=" FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/?cid=insDate08012012" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.2.47.11: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.47.11: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pwtucker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pwtucker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pwtucker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pwtucker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pwtucker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/05/09 03:46:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/06 05:22:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/08 13:44:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 15:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwtucker\AppData\Roaming\Mozilla\Extensions [2012/09/06 15:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwtucker\AppData\Roaming\Mozilla\Firefox\Profiles\nnugsn46.default\extensions [2012/09/06 14:35:20 | 000,002,519 | ---- | M] () -- C:\Users\pwtucker\AppData\Roaming\Mozilla\Firefox\Profiles\nnugsn46.default\searchplugins\Search_Results.xml [2012/09/06 15:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/08/25 10:58:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/11/26 19:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/01/29 19:27:11 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/09/06 14:35:20 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml ========== Chrome ========== CHR - homepage: http://www.igoogle.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.igoogle.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Citrix Access Gateway (Enabled) = C:\Users\pwtucker\AppData\Roaming\Mozilla\plugins\npagee.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pwtucker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pwtucker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pwtucker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: SiteAdvisor = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\ CHR - Extension: No name found = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\4.7.9_0\ CHR - Extension: Skype Click to Call = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_1\ CHR - Extension: No name found = C:\Users\pwtucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\ O1 HOSTS File: ([2011/03/30 18:32:21 | 000,001,796 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120906052027.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120906052027.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKU\S-1-5-21-297457635-499220282-3771320470-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-297457635-499220282-3771320470-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\pwtucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pwtucker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/10 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\AppData\Roaming\Malwarebytes [2012/09/10 11:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/10 11:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/10 11:03:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/10 11:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/09 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/09/09 00:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/09/09 00:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/09/09 00:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2012/09/09 00:02:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012/09/09 00:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012/09/08 21:59:07 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\Desktop\Warhammer 40,000 Dawn of War II - Gold Edition [2012/09/06 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\AppData\Local\Ilivid Player [2012/09/06 14:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/09/05 11:46:01 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\Documents\WebCam Media [2012/09/05 11:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2012/09/05 11:45:54 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\AppData\Local\ArcSoft [2012/09/05 11:45:51 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\AppData\Roaming\ArcSoft [2012/09/04 14:18:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/09/04 14:18:30 | 000,000,000 | ---D | C] -- C:\Users\pwtucker\AppData\Local\ElevatedDiagnostics [2012/09/04 14:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders ========== Files - Modified Within 30 Days ========== [2012/09/10 11:34:04 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001UA.job [2012/09/10 11:04:03 | 000,001,133 | ---- | M] () -- C:\Users\pwtucker\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/09/10 11:04:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/10 10:56:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/10 10:52:11 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001UA.job [2012/09/10 10:02:15 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/10 10:02:15 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/10 09:56:51 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012/09/10 09:55:34 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/10 09:55:34 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/10 09:55:34 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/10 09:54:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012/09/10 09:51:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/10 09:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/10 09:48:59 | 2955,493,376 | -HS- | M] () -- C:\hiberfil.sys [2012/09/09 21:27:31 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001Core.job [2012/09/09 09:13:57 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001Core.job [2012/09/06 05:32:13 | 005,042,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/18 13:32:49 | 000,001,456 | ---- | M] () -- C:\Users\pwtucker\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/08/14 08:19:49 | 000,059,507 | ---- | M] () -- C:\test.xml ========== Files Created - No Company Name ========== [2012/09/10 11:04:03 | 000,001,133 | ---- | C] () -- C:\Users\pwtucker\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/09/10 11:04:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/09 00:05:10 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/09/06 16:00:40 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012/06/21 19:04:21 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll [2012/02/29 22:58:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/04/28 23:22:01 | 000,000,132 | ---- | C] () -- C:\Users\pwtucker\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011/04/17 11:52:45 | 000,003,584 | ---- | C] () -- C:\Users\pwtucker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/04/13 18:34:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/31 12:53:22 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/03/30 19:55:41 | 000,001,456 | ---- | C] () -- C:\Users\pwtucker\AppData\Local\Adobe Save for Web 12.0 Prefs ========== LOP Check ========== [2011/05/24 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Amazon [2012/06/21 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\AnvSoft [2011/07/15 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Auslogics [2012/09/07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\BitTorrent [2011/12/03 10:57:30 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Broad Intelligence [2011/05/24 19:53:32 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\calibre [2011/04/10 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\CDisplayEx [2011/08/09 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\DAEMON Tools Lite [2012/09/10 09:51:43 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Dropbox [2012/09/08 16:38:16 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\FileZilla [2011/09/30 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Mobipocket [2011/07/26 09:32:41 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Philipp Winterberg [2012/09/09 23:02:56 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\SoftGrid Client [2012/03/02 20:56:55 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Spotify [2011/07/30 10:10:47 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/11/26 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\SystemRequirementsLab [2011/03/31 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\TP [2012/06/16 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\TuneUpMedia [2011/03/30 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011/06/16 12:13:45 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Windows Live Writer [2011/04/10 19:31:52 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\WindSolutions [2011/11/09 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\Wuala [2012/05/25 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\pwtucker\AppData\Roaming\YCanPDF [2012/09/09 21:27:31 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001Core.job [2012/09/10 11:34:04 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297457635-499220282-3771320470-1001UA.job [2012/07/24 12:36:03 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Attach.txt DDS.txt Extras.Txt
  6. Hello! I have been infected with searchnu for some time. I followed the instructions using dds and will now post the logs that were generated. Thank you for your help--it is much appreciated. eta: I am confused. Am I supposed to copy and paste the logs or attach them? I think I'm supposed to attach them. If not, I can copy and paste. Let me know if I did it wrong. attach.txtdds.txt
  7. Hi There the other day my pc got infected with this searchnu malware, it changed my search engine and home page on google chrome, i changed the serach engine back but cant change my home page????? I have uninstalled everything associated and run avg and malwarebytes a few times as well as OTL and freefixer but no matter what i do it defaults back to this stupid home search page ??? Im pretty good with comps but this one has me beat can you guys please help its very frustrating!!!! Thanks steve
  8. Hi There the other day my pc got infected with this searchnu malware, it changed my search engine and home page on google chrome, i changed the serach engine back but cant change my home page????? I have uninstalled everything associated and run avg and malwarebytes a few times as well as OTL and freefixer but no matter what i do it defaults back to this stupid home search page ??? Im pretty good with comps but this one has me beat can you guys please help its very frustrating!!!! Thanks steve
  9. My last post Searchnu Nuisance seems to have been deleted as I was in the process of replying, to continue: Ok, thank you. All done as per instructions. It is still coming up as the first tab in Google Chrome though :-/ I will attach the files this time so as the thread won't be exceedingly long..Your assistance once again would be greatly appreciated. By the way this came about from trying to stream football the other week from Firstrow.eu!Also I noticed my Random Access Memory RAM gauge has been ticking at around 35% since - used to sit at 1% or nothing - strange! Also I didn't get an otl.extra file this time. otl.txt is attached. OTL.Txtnew.txt
  10. Hi, I am an owner of malwarebytes pro and I somehow was able to contract the searchnu virus. If you could help me out I would greatly appreciate it. I will be posting my dds and attach in the following reply.
  11. Please help me get rid of searchnu.com/406 redirect. I believe i got it with ilivid download, foolish me. Thanks for all the help - raviaditya
  12. Malware is redirecting Firefox to www.searchnu.com/406. I have attached a screen shot showing the redirect. Neither F-Secure nor Malwarebytes has removed this problem. Please advise on what to do. There is little online about this issue and most sites discussing it seem to be fraudulent. Ran dds but only one file created which I have attached. Please assist. DDS.txt
  13. Hi! I can't remove www.searchnu.com in my firefox browser even I've already uninstall it's component. Please help me. I've already run OTL scan Please check my OTL.txt and Extras.txt below
  14. I am copying in my OTL and Extra log outputs below. Please review and hopefully send me a fix. Thank you, OTL LOG: OTL logfile created on: 4/23/2012 4:08:52 PM - Run 1 OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\John\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.99 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 41.68% Memory free 11.98 Gb Paging File | 6.85 Gb Available in Paging File | 57.16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457.06 Gb Total Space | 271.19 Gb Free Space | 59.33% Space Free | Partition Type: NTFS Drive E: | 298.31 Gb Total Space | 271.99 Gb Free Space | 91.18% Space Free | Partition Type: NTFS Drive F: | 297.86 Gb Total Space | 243.43 Gb Free Space | 81.73% Space Free | Partition Type: NTFS Computer Name: JOLEE | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/04/23 16:07:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/21 14:56:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\LeighAnne\AppData\Local\Akamai\netsession_win.exe PRC - [2011/12/06 06:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011/10/27 23:42:30 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/06/01 19:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe PRC - [2011/04/23 22:17:26 | 001,994,936 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2011/04/23 22:17:26 | 000,098,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2010/02/16 12:10:46 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/07/21 17:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe PRC - [2009/07/21 17:06:26 | 000,189,680 | ---- | M] (SingleClick Systems) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe PRC - [2009/07/06 09:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/11 00:23:46 | 005,730,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe PRC - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) -- C:\ProgramData\UltraVNC\winvnc.exe PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/04/23 22:18:10 | 000,100,208 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2011/04/23 22:17:32 | 000,062,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2011/04/23 22:16:44 | 000,250,552 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/06/06 10:24:20 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll MOD - [2009/06/01 12:37:50 | 002,076,672 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll MOD - [2008/01/18 01:17:16 | 000,073,782 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\apache\bin\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/08/14 14:15:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/17 13:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009/07/16 06:47:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:04:47 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai) SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar) SRV - [2011/06/01 19:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/07/08 16:22:32 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2010/04/08 21:47:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010/04/08 21:46:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010/04/08 21:45:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010/04/08 21:33:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/21 17:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc) SRV - [2009/07/21 17:06:26 | 000,189,680 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync) SRV - [2009/07/16 06:47:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe -- (STacSV) SRV - [2009/07/06 09:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009/06/11 00:23:46 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2) SRV - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Running] -- C:\ProgramData\UltraVNC\winvnc.exe -- (uvnc_service) SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether) DRV:64bit: - [2011/05/07 14:24:12 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (Kl1) DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010/04/19 19:32:38 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/04/19 13:53:24 | 000,067,072 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate) DRV:64bit: - [2010/04/19 13:53:24 | 000,032,768 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software) DRV:64bit: - [2010/04/19 00:56:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/18 06:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:64bit: - [2009/08/14 16:30:14 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/24 18:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/07/17 13:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009/07/17 13:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/07/16 06:47:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/07/01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/07/01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/26 16:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 17:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\packet.sys -- (Packet) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/22 21:18:20 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR) DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/08 20:35:41] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/06/10 17:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{589836BA-6167-46DC-A5BF-F5FF87546F38}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{3BBBD80B-986B-4909-8F7C-817E01A82EAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{1D6B48CC-281B-4EE3-BA67-00854BE7A54C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{212F61FB-002D-4E55-98E6-954BF891142B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 IE - HKCU\..\SearchScopes\{7B8D3830-336B-40DC-851E-8AA30D4248A6}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: fassoxpcom@sensiblevision.com:1.29 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/06 13:23:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/05/21 23:29:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 21:02:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 21:02:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 21:02:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 23:42:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 14:56:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/06 21:51:08 | 000,000,000 | ---D | M] [2012/01/08 22:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions [2012/03/13 17:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1bgjx7yk.default\extensions [2012/01/08 22:45:56 | 000,002,519 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1bgjx7yk.default\searchplugins\Search_Results.xml [2012/01/29 12:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/29 12:23:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/05/07 14:25:51 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011/05/07 14:25:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012/03/21 14:56:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/03/21 14:56:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/01/08 22:45:56 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/03/21 14:56:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.8_0\plugins/screen_capture.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.8_0\ CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: TV for Google Chrome\u2122 = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\1.5.0_0\ CHR - Extension: Skype Click to Call = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Numerics Calculator & Converter = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\ CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision ) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [Artisan 837(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE /FU "C:\Users\John\AppData\Local\Temp\E_SD104.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8F45F2-DC36-48D3-8E4A-6F7632BE31EA}: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47EC2486-A256-4D66-86B7-4A51B3E87C92}: DhcpNameServer = 192.168.15.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/23 16:07:11 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2012/04/14 19:12:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/04/09 23:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Setup Tool [2012/04/09 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starfield [2012/04/06 10:28:09 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\card dump 4_12 [2012/04/01 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011 [2012/03/25 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D0CFCD48-B112-433F-90A5-FD7AF03F5D05} ========== Files - Modified Within 30 Days ========== [2012/04/23 16:20:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/23 16:07:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2012/04/23 15:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/23 10:39:46 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/23 10:39:46 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/23 10:35:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/17 00:06:21 | 000,001,137 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2012/04/16 22:15:34 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/04/16 21:57:44 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/16 21:57:44 | 000,663,472 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/16 21:57:44 | 000,122,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/16 21:50:56 | 527,835,135 | -HS- | M] () -- C:\hiberfil.sys [2012/04/15 15:21:42 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/14 19:12:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/09 23:50:53 | 000,000,832 | ---- | M] () -- C:\MemeoSendAddin [2012/04/09 23:50:25 | 000,796,852 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/04/01 18:35:10 | 000,000,469 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/04/01 18:31:01 | 000,002,531 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk ========== Files Created - No Company Name ========== [2012/04/01 18:31:15 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/04/01 18:31:01 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk [2011/11/13 23:03:42 | 000,000,087 | ---- | C] () -- C:\Windows\EART837.ini [2011/04/23 22:18:10 | 000,100,208 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll [2011/04/23 22:17:32 | 000,062,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll [2011/04/23 22:16:44 | 000,250,552 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll [2011/01/23 01:40:43 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2010/12/19 01:14:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon [2011/02/20 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canon [2010/05/06 15:39:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\common files [2010/04/19 20:46:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Pro [2012/04/15 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Epson [2011/04/13 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HW group [2011/11/13 23:39:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leader Technologies [2011/11/13 23:35:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech [2011/11/13 22:59:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Memeo [2010/05/06 13:47:37 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PACE Anti-Piracy [2010/12/24 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCDr [2010/04/19 03:32:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers [2010/05/04 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Quicken WillMaker [2011/01/23 04:21:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Rovio [2011/08/26 10:45:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Seagate [2010/04/19 03:32:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony [2010/05/04 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Vso [2010/12/21 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer [2012/01/03 09:19:59 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\John\Documents\Cleanline Builld.avi:TOC.WMV @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:DDE29E40 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3 @Alternate Data Stream - 1247 bytes -> C:\Users\John\AppData\Local\z9KCxHkWQC:zDlZrB5HtSjyXsb6A4blkOAZD @Alternate Data Stream - 1134 bytes -> C:\Users\John\AppData\Local\zpMHrKrfeq3C:GeWgI3oum9jcFb9HnEdU6Yv < End of report > Extras Log: OTL Extras logfile created on: 4/23/2012 4:08:52 PM - Run 1 OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\John\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.99 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 41.68% Memory free 11.98 Gb Paging File | 6.85 Gb Available in Paging File | 57.16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457.06 Gb Total Space | 271.19 Gb Free Space | 59.33% Space Free | Partition Type: NTFS Drive E: | 298.31 Gb Total Space | 271.99 Gb Free Space | 91.18% Space Free | Partition Type: NTFS Drive F: | 297.86 Gb Total Space | 243.43 Gb Free Space | 81.73% Space Free | Partition Type: NTFS Computer Name: JOLEE | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension "{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830 "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0913-000001000000}" = 7-Zip 9.13 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{6F42AB02-6626-45DE-AA69-E141FDB82CDF}" = Vegas Pro 9.0 (64-bit) "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{C7663280-83B4-4E21-838C-ACEEB4C61FA2}" = FastAccess "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "EPSON Artisan 837 Series" = EPSON Artisan 837 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common "{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New "{10E3F95B-22C9-4E1F-960D-C0BB5E889EB0}" = ClearView "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator "{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share "{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 30 "{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium "{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5796F3D8-2679-4C14-94D4-5FA852D553E1}" = AVCHD converter "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish "{6DEEA6A7-AC84-4C08-9944-E06E08DF98B4}" = TurboTax 2010 wctiper "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{816E3C02-DABF-1354-0B98-5E153F7DF79B}" = Skins "{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC4BDEB4-E06A-4605-B5D2-2FE6750681A5}" = HD Writer AE 2.1 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static "{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst Control Center Graphics Light "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian "{FDB97C1E-ADF2-43BA-B513-6BE144D977D7}" = TurboTax 2011 wctiper "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Akamai" = Akamai NetSession Interface Service "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10 "ANObrowse" = ANObrowse Client "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2 "CanonMyPrinter" = Canon My Printer "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CREATIVE KARAOKE PLAYER" = Creative Karaoke Player "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010) "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "FMS" = FMS "Google Chrome" = Google Chrome "GoToAssist" = GoToAssist 8.0.0.514 "HWVSP3s_is1" = HW Virtual Serial Port 3.1.2 Single "InstallShield_{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "LTCM Client" = LTCM Client "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "MP Navigator 2.2" = Canon MP Navigator 2.2 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "outlookset" = Outlook Setup Tool "Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010 "RealPlayer 12.0" = RealPlayer "StartNow Toolbar" = StartNow Toolbar "Super Internet TV (Premium Edition)_is1" = Super Internet TV v8.0 (Premium Edition) "Trusted Software Assistant_is1" = File Type Assistant "TurboTax 2010" = TurboTax 2010 "TurboTax 2011" = TurboTax 2011 "vGrabber (With RealPlayer)" = vGrabber (With RealPlayer) "WaveStudio 7" = Creative WaveStudio 7 "Windows Searchqu Toolbar" = Windows iLivid Toolbar "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "Super Internet TV (Free Edition)_is1" = Super Internet TV v8.1 (Free Edition) "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/2/2011 12:00:29 PM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/2/2011 10:22:56 PM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/2/2011 11:10:03 PM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 12:00:16 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 1:09:39 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 2:02:57 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 9:43:31 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 10:10:19 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 11:03:22 AM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 9/3/2011 12:06:31 PM | Computer Name = JoLee | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ Broadcom Wireless LAN Events ] Error - 2/28/2012 7:30:35 PM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 18:30:35, Tue, Feb 28, 12 Error - Unable to decode string, error 87 Error - 3/28/2012 8:51:58 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 08:51:58, Wed, Mar 28, 12 Error - Unable to decode string, error 87 Error - 3/30/2012 9:05:47 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 09:05:47, Fri, Mar 30, 12 Error - Unable to gain access to user store Error - 3/31/2012 10:45:44 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 10:45:44, Sat, Mar 31, 12 Error - Unable to decode string, error 87 Error - 4/1/2012 3:25:29 PM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 15:25:28, Sun, Apr 01, 12 Error - Unable to gain access to user store Error - 4/6/2012 10:24:26 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 10:24:26, Fri, Apr 06, 12 Error - Unable to decode string, error 87 Error - 4/6/2012 10:24:27 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 10:24:27, Fri, Apr 06, 12 Error - Unable to decode string, error 87 Error - 4/6/2012 11:31:41 PM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 23:31:41, Fri, Apr 06, 12 Error - Unable to decode string, error 87 Error - 4/8/2012 10:30:29 PM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 22:30:28, Sun, Apr 08, 12 Error - Unable to gain access to user store Error - 4/13/2012 1:48:01 AM | Computer Name = JoLee | Source = WLAN-Tray | ID = 0 Description = 01:48:01, Fri, Apr 13, 12 Error - Unable to decode string, error 87 [ Media Center Events ] Error - 10/25/2010 5:36:28 PM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 5:36:26 PM - Error connecting to the internet. 5:36:26 PM - Unable to contact server.. Error - 10/26/2010 1:04:57 PM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 1:04:51 PM - Error connecting to the internet. 1:04:51 PM - Unable to contact server.. Error - 10/26/2010 2:05:03 PM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 2:05:01 PM - Error connecting to the internet. 2:05:01 PM - Unable to contact server.. Error - 10/26/2010 3:05:10 PM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 3:05:09 PM - Error connecting to the internet. 3:05:09 PM - Unable to contact server.. Error - 10/26/2010 4:05:16 PM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 4:05:14 PM - Error connecting to the internet. 4:05:14 PM - Unable to contact server.. Error - 11/28/2011 1:09:26 AM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 12:09:25 AM - Failed to retrieve Directory (Error: The underlying connection was closed: An unexpected error occurred on a receive.) Error - 11/28/2011 1:09:26 AM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 12:09:26 AM - Failed to retrieve NetTV (Error: The underlying connection was closed: An unexpected error occurred on a receive.) Error - 11/28/2011 1:09:27 AM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 12:09:27 AM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: An unexpected error occurred on a receive.) Error - 11/28/2011 1:09:27 AM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 12:09:27 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: An unexpected error occurred on a receive.) Error - 11/28/2011 1:09:28 AM | Computer Name = JoLee | Source = MCUpdate | ID = 0 Description = 12:09:27 AM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: An unexpected error occurred on a receive.) [ System Events ] Error - 4/18/2012 10:46:54 PM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/19/2012 9:35:10 AM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/19/2012 5:49:22 PM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/20/2012 12:01:42 AM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/20/2012 8:01:28 AM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/20/2012 9:43:02 PM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/20/2012 10:56:22 PM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/21/2012 8:54:51 AM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/22/2012 5:15:06 AM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 4/23/2012 3:48:08 PM | Computer Name = JoLee | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. < End of report >
  15. Hey Everyone, OK, this morning I realized that my fiance's computer's Firefox homepage was directed to searchnu.com/406. First I searched for newly-installed applications, hoping that simple uninstallation would solve the issue. Unfortunately, I could not find any new applications, and she does not remember installing anything new in the last few days. Next we tried a system restore, but the computer keeps failing to successfully restore to a previous state. After more online research, I found this (http://forums.malwar...howtopic=107847) thread. I did the instructions per Maniac, and my OTL and Extras files are listed below, as instructed (I had to split them up because my post was too long). If you guys could provide any help, I'd very much appreciate it. Thank you so very much for your time. OTL logfile created on: 4/19/2012 8:07:33 AM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\kristen\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.90% Memory free 7.50 Gb Paging File | 4.52 Gb Available in Paging File | 60.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.34 Gb Total Space | 749.84 Gb Free Space | 81.65% Space Free | Partition Type: NTFS Drive D: | 13.07 Gb Total Space | 1.60 Gb Free Space | 12.26% Space Free | Partition Type: NTFS Computer Name: KRISTEN-HP | User Name: kristen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012/04/19 08:06:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\kristen\Downloads\OTL.exe PRC - [2012/04/05 23:24:24 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012/03/25 02:40:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe PRC - [2010/02/11 13:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE PRC - [2010/01/21 08:58:04 | 000,025,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe PRC - [2010/01/21 08:57:38 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/11/24 20:26:32 | 000,393,216 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2009/11/17 20:45:20 | 000,212,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe PRC - [2009/10/02 17:11:50 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/11/02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 03:41:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll MOD - [2012/04/12 03:41:45 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\486a0c233b3aa834e8cca53ed355bf1c\ReachFramework.ni.dll MOD - [2012/04/12 03:41:42 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll MOD - [2012/04/12 03:41:30 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll MOD - [2012/04/12 03:41:23 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll MOD - [2012/04/12 03:41:18 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll MOD - [2012/04/05 23:24:24 | 001,969,112 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012/04/05 23:24:24 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012/04/05 23:24:24 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2012/03/25 02:40:05 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/02/17 04:46:05 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll MOD - [2012/02/17 04:46:02 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44d15a5bcd3143d53fd67b871c728616\System.IdentityModel.ni.dll MOD - [2012/02/17 04:46:01 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll MOD - [2012/02/17 04:45:59 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3623247db0c19cd14589e6f4d6cfb290\System.ServiceModel.ni.dll MOD - [2012/02/17 04:45:59 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb46ff3a7098925dd3f0552901668735\SMDiagnostics.ni.dll MOD - [2012/02/17 04:38:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll MOD - [2012/02/17 04:38:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll MOD - [2012/02/17 04:38:39 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll MOD - [2012/02/17 04:38:18 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012/02/17 04:38:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll MOD - [2012/02/17 04:37:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll MOD - [2012/02/17 04:37:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll MOD - [2012/02/17 04:37:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll MOD - [2011/12/07 13:17:17 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011/10/13 03:43:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2010/12/07 14:52:55 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/02/07 11:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll MOD - [2007/11/02 15:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPUsageTracking.dll MOD - [2007/11/02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe MOD - [2007/11/02 15:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPToolkit.dll MOD - [2007/11/02 15:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\Enumeration.dll MOD - [2007/11/02 15:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPTools.dll MOD - [2007/11/02 15:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hp\HP UT\bin\HPStreamsInterface.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/02/03 03:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/07/15 02:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS) SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service) SRV - [2010/01/21 08:57:38 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv) DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/08/04 15:15:16 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter) DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP) DRV:64bit: - [2010/12/01 13:50:13 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/02/09 02:41:26 | 001,212,160 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2) DRV:64bit: - [2010/02/05 15:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/02/05 15:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/02/03 03:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/02/03 02:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/09/17 13:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2009/09/17 13:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950) DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS) DRV:64bit: - [2009/07/20 03:44:04 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/17 22:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2012/04/02 19:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120418.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/03/04 11:52:52 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120418.032\EX64.SYS -- (NAVEX15) DRV - [2012/03/04 11:52:52 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120418.032\ENG64.SYS -- (NAVENG) DRV - [2012/02/03 23:10:43 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/02/03 23:10:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{8793CB4F-98EC-469A-A943-A6B5D122CD7A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\SearchScopes\{CC43ABD8-2292-4E5E-B828-673E727EA810}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/06/02 21:15:55 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/06/02 21:15:55 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/25 08:27:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/04/12 03:36:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/25 02:40:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/02 08:46:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/22 11:20:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/06 11:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Extensions [2011/03/02 15:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/04/06 11:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions [2012/02/01 19:04:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/04/29 10:51:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012/02/01 19:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\extensions\trash [2012/04/06 11:08:47 | 000,002,519 | ---- | M] () -- C:\Users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\e6rl0qvp.default\searchplugins\Search_Results.xml [2012/04/06 11:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/22 22:59:46 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/25 02:40:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/12/29 12:27:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/02/22 17:32:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/06 11:08:47 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/02/22 17:32:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\kristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe () O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1055534874-1863846593-3090442294-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiveStream Broadcaster.lnk = C:\Program Files (x86)\LiveStream\Broadcaster\LiveStreamBroadcaster.exe (LiveStream LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab (EZTwainX by Dosadi) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE66C2CE-9040-4285-9E01-1B5395F5E5EF}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA608F66-E8AC-4ABD-ADDD-B908A57EA1BF}: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2012/04/16 12:40:56 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{8EAD2BC3-60F1-4544-9007-654B2055203B} [2012/04/13 19:08:06 | 000,000,000 | ---D | C] -- C:\b3305445a404f5217782baca [2012/04/12 03:08:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/04/12 03:08:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/04/12 03:08:35 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/04/12 03:08:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/04/12 03:08:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/04/12 03:08:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/04/12 03:08:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/04/12 03:08:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/04/12 03:08:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/04/12 03:08:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/04/12 03:08:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/04/12 03:07:46 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/04/12 03:07:45 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/04/12 03:07:44 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/04/12 03:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/04/12 03:02:52 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/04/12 03:02:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/04/06 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\Ilivid Player [2012/04/06 11:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/04/03 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{68BC5610-3EDA-48CA-A925-5D717A9495D2} [2012/03/28 15:09:34 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{A85BCE18-8B26-4E4A-96FE-1CF4CC53F76D} [2012/03/28 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{8458F2A1-432E-4FA0-84E6-A38357C6CDD8} [2012/03/26 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{00386579-3B0C-4AD6-97F2-527A1986D865} [2012/03/26 14:32:35 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{F171D355-9872-430B-AD26-DEEA8167367B} [2012/03/26 14:25:14 | 000,000,000 | ---D | C] -- C:\Users\kristen\Desktop\Taylor [2012/03/25 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\kristen\Documents\Wedding [2012/03/20 15:28:21 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{EE3F92D0-972D-438E-AEF6-87FFBCDEA3F9} [2012/03/20 15:28:09 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{3028230E-4073-49D5-BABE-F0DC6FB0DFC4} [2012/03/19 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{004A6924-35A2-42F3-A101-3253477B84F6} [2012/03/19 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{FFEFA4EB-7134-46B2-877E-261311A58723} [2012/03/13 22:55:33 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/03/13 22:55:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012/03/13 22:55:32 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012/03/13 22:55:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012/03/13 22:55:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012/03/13 22:55:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/03/13 22:55:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/03/13 22:55:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/03/13 22:54:59 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/03/13 22:54:59 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/03/13 09:29:08 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{221C8BA7-4315-444C-B117-7C1E2CC76E67} [2012/03/13 09:28:56 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{67E3EFA9-0721-47B5-A37A-33026D482DC8} [2012/02/23 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{91547B61-10BE-448D-863B-E37804B5D7B1} [2012/02/23 16:27:58 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{40C61AF1-48D9-42FB-8084-080E7A9AFB62} [2012/02/23 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{EBBC4B59-F870-4AA4-8ADD-E64130A59CE2} [2012/02/23 12:59:05 | 000,000,000 | ---D | C] -- C:\Users\kristen\AppData\Local\{AD7B4405-CEAC-42D2-9A72-4878DE58DF0F} ========== Files - Modified Within 60 Days ========== [2012/04/19 08:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/19 01:18:54 | 000,003,900 | ---- | M] () -- C:\Windows\mozy.blk [2012/04/19 01:18:54 | 000,003,612 | ---- | M] () -- C:\Windows\mozy.flt [2012/04/18 22:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/17 21:00:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/17 21:00:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/17 17:56:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkristen.job [2012/04/14 00:08:08 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/12 03:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/12 03:35:39 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2012/04/12 03:14:41 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/12 03:14:41 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/12 03:14:41 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/05 00:15:00 | 000,038,881 | ---- | M] () -- C:\Users\kristen\Documents\index.html [2012/03/14 03:24:58 | 000,486,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/06 02:43:21 | 005,504,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/03/06 01:59:41 | 003,958,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/03/06 01:59:41 | 003,902,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/03/01 02:45:41 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/03/01 02:40:14 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/02/28 15:06:51 | 000,002,116 | ---- | M] () -- C:\Users\kristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/02/28 13:45:39 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2012/02/28 02:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/28 02:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/28 02:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/28 02:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/28 02:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/28 02:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/27 21:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/27 21:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/27 21:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/27 21:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/27 20:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/22 17:32:35 | 000,002,050 | ---- | M] () -- C:\Users\kristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/04/05 00:14:59 | 000,038,881 | ---- | C] () -- C:\Users\kristen\Documents\index.html [2011/09/13 11:20:58 | 000,007,602 | ---- | C] () -- C:\Users\kristen\AppData\Local\Resmon.ResmonCfg [2011/03/31 12:19:47 | 000,011,264 | ---- | C] () -- C:\Users\kristen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/02 21:29:13 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/06/02 21:02:54 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2010/06/02 20:45:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > Below is the "Extras" file. I had to put it in a new reply in order to keep my post short enough to be published. OTL Extras logfile created on: 4/19/2012 8:07:33 AM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\kristen\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.90% Memory free 7.50 Gb Paging File | 4.52 Gb Available in Paging File | 60.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.34 Gb Total Space | 749.84 Gb Free Space | 81.65% Space Free | Partition Type: NTFS Drive D: | 13.07 Gb Total Space | 1.60 Gb Free Space | 12.26% Space Free | Partition Type: NTFS Computer Name: KRISTEN-HP | User Name: kristen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{50BFFD84-1328-83A2-B9D9-7D4C6ED0B0CA}" = MozyHome "{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager "{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "PC-Doctor for Windows" = Hardware Diagnostic Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam "{053BC793-EB2F-48B6-AB61-6B76CCCCB041}" = HP TouchSmart Clock "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy "{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11070051-3806-4F34-8F1D-A7874ADC296C}" = HP TouchSmart Paint it! by Corel - Core "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0 "{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30 "{2752631F-ABA9-4B43-A7E2-35C03512AAE3}" = HP TouchSmart Canvas "{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai "{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German "{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish "{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3C19AEEC-7779-4FA5-A1DA-AEB93E674294}" = Corel Paint it! touch - IPM "{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5932A032-0BD3-4EEA-9FC3-5E4C98B770C5}" = HP TouchSmart Paint it! by Corel - Langauge "{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian "{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese "{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver "{5CBE8F58-049D-49FE-B4E3-A23CF3194771}" = HP TouchSmart Paint it! by Corel - Langauge "{5F10FEF8-0538-4BB7-9020-E553C85427E9}" = HP TouchSmart "{5F19F53C-4BC1-4A03-915A-88C4B2753226}" = HP TouchSmart Link "{63B1242A-6111-489E-B2DF-7167AD35B229}" = HP TouchSmart Notes "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP TouchSmart Live TV "{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel - ICA "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista "{766486B3-441B-4376-A5F8-0AE2E4BDFB3C}" = HP TouchSmart Paint it! by Corel - Langauge "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77B559D7-CBF8-43FE-90BB-BDB6A30E9B61}" = HP TouchSmart Paint it! by Corel - Langauge "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore "{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light "{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials "{864BC409-6229-452C-B1FD-FA960D13F824}" = HP TouchSmart Paint it! by Corel - Langauge "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABFD25DE-AA93-43AB-BF49-E21EFF8D5812}" = HP TouchSmart Twitter "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static "{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B770307B-2E7E-4BAD-BF75-1511A76AD277}" = HP TouchSmart Paint it! by Corel - Content "{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{BF6B7982-9189-4765-9DD3-039CE6D69C0C}" = Buttons & OSDs control application gen3 "{BFA6DE67-F8EF-427B-B962-D03ADAF56734}" = HP TouchSmart Paint it! by Corel - Langauge "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C80F3135-2B60-4153-B4F1-9B6F67F055B1}" = HP TouchSmart RecipeBox "{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian "{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1FD99EF-7312-426E-A9BD-92ECD2093B4A}" = HP TouchSmart Paint it! by Corel - Langauge "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean "{EE170B45-E070-42A9-90FB-3525F9D3F18F}" = HP TouchSmart Calendar "{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian "{F33B9785-B646-4564-849B-BEE3A1700694}" = HP TouchSmart Paint it! by Corel - Langauge "{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts "{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup "{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing "{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare "{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation "{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch "{F9A36074-25AD-4F2E-969E-AEDF452DC57B}" = HP TouchSmart Paint it! by Corel - Langauge "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video "{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12 "AVerMedia MiniCard Hybrid TV Tuner" = AVerMedia MiniCard Hybrid TV Tuner 1.1.64.55 "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "FastStone Image Viewer" = FastStone Image Viewer 4.2 "FileZilla Client" = FileZilla Client 3.3.5.1 "Google Chrome" = Google Chrome "HP Keyboard_is1" = HP Desktop Keyboard "HP Remote Solution" = HP Remote Solution "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP TouchSmart Live TV "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video "LiveStream Broadcaster" = LiveStream Broadcaster (remove only) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US) "My HP Game Console" = HP Game Console "NIS" = Norton Internet Security "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PosteRazor_is1" = PosteRazor "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WT082124" = Blasterball 3 "WT082125" = Bob the Builder Can-Do-Zoo "WT082133" = Dora's Carnival Adventure "WT082141" = FATE "WT082168" = Penguins! "WT082170" = Plants vs. Zombies "WT082172" = Polar Bowler "WT082173" = Polar Golfer "WT082192" = Bejeweled 2 Deluxe "WT082200" = Chuzzle Deluxe "WT082241" = Virtual Villagers - The Secret City "WT082396" = Diner Dash 2 Restaurant Rescue "WT082427" = Slingo Deluxe "WT082432" = Ancient Hearts "WT082433" = Bookworm Adventures "WT082438" = Build-a-lot 2 "WT082441" = Dora's World Adventure "WT082443" = Jewel Quest 3 "WT082447" = Mah Jong Medley "WT082458" = Tradewinds Legends "WT082463" = Zuma's Revenge "WT082468" = Jewel Quest Solitaire 2 "WT083472" = Airport Mania "WT083473" = Bounce Symphony "WT083489" = JoJo's Fashion Show "WT083490" = Skip-Bo - Castaway Caper "WT083491" = TextTwist 2 "WT083697" = Build-a-lot "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1055534874-1863846593-3090442294-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HuluDesktop" = Hulu Desktop ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/16/2011 12:39:04 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x16b8 Faulting application start time: 0x01cca419a8eeccda Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: e9160d9e-100c-11e1-9967-7071bc54499c Error - 11/27/2011 12:44:40 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 10.2.152.32, time stamp: 0x4d648f0d Exception code: 0xc0000005 Fault offset: 0x00178b6a Faulting process id: 0x1738 Faulting application start time: 0x01ccac8541313855 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: 84043d80-18b2-11e1-bd20-7071bc54499c Error - 12/2/2011 1:58:27 AM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 10.2.152.32, time stamp: 0x4d648f0d Exception code: 0xc0000005 Fault offset: 0x00178b6a Faulting process id: 0xce8 Faulting application start time: 0x01ccafa0ef5ece3e Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: a6cbe90d-1caa-11e1-8df0-7071bc54499c Error - 12/4/2011 6:06:18 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: FlipShare.exe, version: 5.0.5.52727, time stamp: 0x4b05a1b8 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xe8c833e4 Faulting process id: 0x16d8 Faulting application start time: 0x01ccb2cb0a02287e Faulting application path: C:\Program Files (x86)\Flip Video\FlipShare\FlipShare.exe Faulting module path: unknown Report Id: 30b51495-1ec4-11e1-8df0-7071bc54499c Error - 12/25/2011 12:59:48 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce Exception code: 0xc0000005 Fault offset: 0x00198824 Faulting process id: 0xfb4 Faulting application start time: 0x01ccc1aaf89d0580 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: da11ed49-2f19-11e1-993c-7071bc54499c Error - 1/5/2012 1:25:19 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x1e94 Faulting application start time: 0x01cccbcefb2d0297 Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: 3cfde344-37c2-11e1-8ec2-7071bc54499c Error - 2/1/2012 7:06:32 PM | Computer Name = kristen-HP | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 9.0.1.4371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2368 Start Time: 01cce135c14c80ff Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 5815d822-4d29-11e1-ac46-7071bc54499c Error - 2/1/2012 7:08:01 PM | Computer Name = kristen-HP | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 9.0.1.4371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 216c Start Time: 01cce1362a7d264a Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 92f454df-4d29-11e1-ac46-7071bc54499c Error - 2/4/2012 8:46:36 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: hpbdfawep.exe, version: 8.0.0.1, time stamp: 0x462f17ef Faulting module name: hppatusg01.dll, version: 1.0.0.19, time stamp: 0x47ab3a46 Exception code: 0xc000000d Fault offset: 0x000000000000d2d4 Faulting process id: 0x988 Faulting application start time: 0x01cce39f98b3594d Faulting application path: C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe Faulting module path: C:\Windows\system32\hppatusg01.dll Report Id: daac2c92-4f92-11e1-ac46-7071bc54499c Error - 2/13/2012 1:37:57 PM | Computer Name = kristen-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371, time stamp: 0x4ef15e07 Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce Exception code: 0xc0000005 Fault offset: 0x00198824 Faulting process id: 0x1e5c Faulting application start time: 0x01cce21b22f141b6 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: 770ab19a-5669-11e1-ac46-7071bc54499c [ Hewlett-Packard Events ] Error - 3/9/2012 12:32:26 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:32:47 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:33:04 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:33:28 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:34:01 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:35:00 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:35:54 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/9/2012 12:36:34 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/10/2012 1:54:17 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = Error - 3/10/2012 1:54:26 PM | Computer Name = kristen-HP | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 3/25/2012 2:37:08 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 3/25/2012 2:38:53 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect. Error - 3/25/2012 2:38:53 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7000 Description = The HP Support Assistant Service service failed to start due to the following error: %%1053 Error - 4/11/2012 1:35:48 PM | Computer Name = kristen-HP | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE66C2CE-9040-4285-9E01-1B5395F5E5EF} because another computer on the network has the same name. The server could not start. Error - 4/12/2012 3:00:24 AM | Computer Name = kristen-HP | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE66C2CE-9040-4285-9E01-1B5395F5E5EF} because another computer on the network has the same name. The server could not start. Error - 4/12/2012 3:36:26 AM | Computer Name = kristen-HP | Source = Service Control Manager | ID = 7023 Description = The Server service terminated with the following error: %%14 Error - 4/16/2012 12:20:07 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/17/2012 7:57:51 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/18/2012 9:33:24 PM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error - 4/19/2012 12:27:11 AM | Computer Name = kristen-HP | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. < End of report >
  16. Well logged into my girlfriend's laptop today and behold the virus magnet that she is had managed to contract this redirect as her homepage, I've been searching now to rid the issue but to no avail. I attempted to run the OTL.exe file to extract the needed logs that I noticed are needed but have hit a hangup when it tries to scan the modules which leads the program to be unresponsive. I am at a standstill at this point and have not gotten anywhere with any anti-virus i have ran. Would really appreciate any help that I can get at this point... Thanks in advance, --Dalton
  17. Hi, I'm having real trouble getting rid of searchnu which comes up every time I open firefox, wondered if you could help me? Thanks- Cait ps I'm really bad with computers so please go basic!
  18. How do I remove this? Malwarebites isn't doing the trick. I have a funny feeling its still here. Thanks!
  19. I acquired the searchnu.com/406 browser hijacker while stupidly torrenting. It has taken over as the homepage for Mozilla and Chrome, but not Internet Explorer. I uninstalled the iLivid and deleted the searchnu add-on, however it still remains. I downloaded Malwarebytes anti-malware (free) and ran a quick scan, however it did not seem to catch it. What are your recommendations to do next? Run a full scan? I tried looking up the registry keys to delete, however I could not locate them. Thanks
  20. Malware is redirecting Firefox to hxxp://www.searchnu.com/406 Neither F-Secure nor your malware removal has removed this problem. Please advise on what to do. There is little online about this issue and most sites discussing it seem to be fraudulent. Ran dds but only one file created which I have attached. Please assist. Link Broken -screen317 DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.