Computer doesn't even work out of safe mode


I believe it's the PUP Installer virus that Malwarebytes didn't completely remove. These were run in Safe Mode...hope that's okay.

Thanks in advance to anyone who can help me!

Cherie

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16476

Run by Laabs at 15:02:57 on 2013-04-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2384 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>

uURLSearchHooks: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - <orphaned>

uURLSearchHooks: <No Name>: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\2.bin\u4SrcAs.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Toolbar BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\2.bin\u4SrcAs.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

TB: Guffins: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll

TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\2.bin\u4bar.dll

TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uRun: [WorkForce 520(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_SDC4A.tmp" /EF "HKCU"

uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Guffins Search Scope Monitor] "C:\PROGRA~2\Guffins\bar\2.bin\u4srchmn.exe" /m=2 /w /h

mRun: [Guffins Browser Plugin Loader] C:\PROGRA~2\Guffins\bar\2.bin\u4brmon.exe

StartupFolder: C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Laabs\AppData\Local\StrongVault\StrongVaultApp.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-10 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-10 38016]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys [2013-4-8 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys [2013-4-8 1139800]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38456]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]

S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys [2013-4-8 168096]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSviA64.sys [2013-4-12 513184]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys [2013-4-8 224416]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-4-8 432800]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-10 203264]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-30 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-30 128512]

S2 GuffinsService;GuffinsService;C:\PROGRA~2\Guffins\bar\2.bin\u4barsvc.exe [2013-2-24 42504]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe [2013-4-8 144520]

S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-3-9 369152]

S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-3-9 460288]

S2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-3-9 342528]

S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-19 818200]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-10 349800]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-7 1255736]

.

=============== Created Last 30 ================

.

2013-04-16 20:05:29 -------- d-----w- C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 20:05:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-16 20:05:17 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-16 20:05:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 20:05:03 -------- d-----w- C:\Users\Laabs\AppData\Local\Programs

2013-04-10 12:54:42 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-08 23:40:28 796248 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtsp64.sys

2013-04-08 23:40:28 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys

2013-04-08 23:40:28 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys

2013-04-08 23:40:28 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtspx64.sys

2013-04-08 23:40:28 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1403010.016\symelam.sys

2013-04-08 23:40:28 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys

2013-04-08 23:40:28 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys

2013-04-08 23:40:27 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys

2013-04-08 23:39:17 -------- d-----w- C:\Windows\System32\drivers\N360x64\1403010.016

2013-03-26 12:25:59 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-12 22:12:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 22:12:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-24 19:04:53 178552 ----a-w- C:\Program Files (x86)\u4res.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-03 15:25:36 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-02-03 15:25:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

.

============= FINISH: 15:04:05.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/5/2011 1:46:32 PM

System Uptime: 4/17/2013 3:01:51 PM (0 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 367.46 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.624 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe FE Family Controller

Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050

Manufacturer: Realtek

Name: Realtek PCIe FE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050

Service: RTL8167

.

==== System Restore Points ===================

.

RP195: 4/7/2013 5:09:49 PM - Scheduled Checkpoint

RP196: 4/11/2013 3:00:47 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.6)

Agatha Christie - Peril at End House

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Troubleshoot & Resolve Tool

ATI Catalyst Install Manager

att.net Internet Mail

att.net Toolbar

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Blio

Bonjour

Bounce Symphony

Build-a-lot 2

Cabela`s Outdoor Adventures

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Chuzzle Deluxe 1.01

Clone Wars

Coupon Companion Plugin

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

DVD Menu Pack for HP MediaSmart Video

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 520 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

Escape Rosecliff Island

Farm Frenzy

FATE

Final Drive Nitro

Free M4a to MP3 Converter 7.1

Free RAR Extract Frog

Free Realms

GIMP 2.6.11

GIRDAC Free PDF Creator

GIRDAC Port

Guffins Toolbar

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

iTunes

Jewel Quest Solitaire 2

JumpStart World Presents Pet Playground

Junk Mail filter update

Kobo

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Mystery P.I. - The London Caper

Norton 360

Norton Online Backup

PDF Complete Corporate Edition

Penguins!

PhotoNow!

Pirate101

Pivot Stickfigure Animator version 2.2.7

Plants vs. Zombies

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PressReader

PrintServer Utilities

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery Manager

Republic at War 1.1

ROBLOX Player for Laabs

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Serif PagePlus Starter Edition

Skype™ 5.10

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Empire at War Forces of Corruption Demo

Strongvault Online Backup

Trophy Hunter 2003 - Rocky Mountain Adventures

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Virtual Families

Virtual Villagers 4 - The Tree of Life

VNC Enterprise Edition E4.5.3

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

World of Tanks

Yahoo! Software Update

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

4/17/2013 3:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/17/2013 3:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/17/2013 3:02:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/17/2013 3:02:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/17/2013 3:02:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

4/17/2013 3:02:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/17/2013 2:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

4/17/2013 2:48:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/16/2013 8:54:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

4/16/2013 8:32:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

4/16/2013 8:14:56 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/16/2013 8:12:51 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.

4/16/2013 8:10:46 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/16/2013 8:10:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

4/16/2013 8:09:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

4/16/2013 8:09:14 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/16/2013 6:00:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:45:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/16/2013 2:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/16/2013 2:42:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/16/2013 2:42:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/15/2013 6:34:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/14/2013 5:41:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

4/14/2013 5:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

4/14/2013 5:36:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

4/14/2013 5:35:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

4/11/2013 3:33:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8002583060, 0xfffff80000b9c518, 0xfffffa8006fb8490). A dump was saved in: C:\Windows\Minidump\041113-80324-01.dmp. Report Id: 041113-80324-01.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic:
Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Guffins

Coupon Companion


Thanks so much for helping me. My kids are driving me nuts! "Is the computer fixed yet? Is it?!"

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Laabs [Admin rights]

Mode : Scan -- Date : 04/20/2013 20:22:08

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging (C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe) [7] -> FOUND

[sTARTUP][sUSP PATH] StrongVaultApp.exe.lnk @Common : C:\Users\Laabs\AppData\Local\StrongVault\StrongVaultApp.exe [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++

--- User ---

[MBR] f8b8fc7cf168c1322a9eeccbd5db935e

[bSP] 6518f3cdc2f87b85f4b61d45567fbb64 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463320 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949086208 | Size: 13518 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 87491acbd5b4bfeba8e9a1265ae79306

[bSP] e59807d88bb77f070731e3d05f2e1d27 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

+++++ PhysicalDrive2: USB Flash Disk USB Device +++++

--- User ---

[MBR] 1e63fa39bccc1a5b8e85f116c6e04d76

[bSP] c31aaa6f4059f425d49131ed63a22470 : Empty MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 63 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_04202013_02d2022.txt >>

RKreport[1]_S_04202013_02d2022.txt


It's late where I'm at so this will be my only post until the morning.

Please uninstall these from your add/remove programs:

Guffins

Coupon Companion

Then.....

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

-----------------------------

If you don't see anything you want to keep.......

Please create a new system restore point before continuing.

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


# AdwCleaner v2.200 - Logfile created 04/20/2013 at 21:40:42

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Laabs - LAABS-HP

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Laabs\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Laabs\AppData\Local\blekkotb

Folder Deleted : C:\Users\Laabs\AppData\Local\Conduit

Folder Deleted : C:\Users\Laabs\AppData\Local\Coupon Companion Plugin

Folder Deleted : C:\Users\Laabs\AppData\Local\PackageAware

Folder Deleted : C:\Users\Laabs\AppData\Local\TempDir

Folder Deleted : C:\Users\Laabs\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Laabs\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Laabs\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Somoto

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5709 octets] - [20/04/2013 20:48:55]

AdwCleaner[R2].txt - [5722 octets] - [20/04/2013 21:40:28]

AdwCleaner[s1].txt - [5016 octets] - [20/04/2013 21:40:42]

########## EOF - C:\AdwCleaner[s1].txt - [5076 octets] ##########


Any improvement??

If not.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


No, it's still freezing up with the first program I open in regular mode. I'm still in Safe Mode.

OTL logfile created on: 4/21/2013 9:16:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laabs\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 84.52% Memory free

5.50 Gb Paging File | 5.08 Gb Available in Paging File | 92.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.46 Gb Total Space | 367.23 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Drive G: | 62.87 Mb Total Space | 41.20 Mb Free Space | 65.54% Space Free | Partition Type: FAT

Computer Name: LAABS-HP | User Name: Laabs | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 09:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/25 12:00:30 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)

SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/09/13 18:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/13 18:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/03/12 17:12:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/25 12:00:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)

SRV - [2013/02/25 11:59:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)

SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)

SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2010/10/12 15:19:14 | 000,818,200 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/25 11:59:52 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)

DRV:64bit: - [2013/02/25 11:59:46 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)

DRV:64bit: - [2013/01/30 22:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)

DRV:64bit: - [2013/01/30 22:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013/01/28 20:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013/01/28 20:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2013/01/21 21:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)

DRV:64bit: - [2012/11/15 21:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/11/15 21:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012/10/10 14:56:14 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/03/21 20:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/02/28 20:24:26 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\ex64.sys -- (NAVEX15)

DRV - [2013/02/28 20:24:26 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\eng64.sys -- (NAVENG)

DRV - [2013/02/25 11:59:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2013/02/25 11:59:32 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2012/10/10 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/10/10 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/10/09 15:46:48 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - No CLSID value found

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{DB7C460F-A5E0-424D-ADE8-33F868F65E75}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Laabs\AppData\Local\Roblox\Versions\version-6e655c3defe448aa\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Laabs\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Laabs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012/10/10 14:56:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013/04/21 09:05:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/03 10:26:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/03 10:26:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O3 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [WorkForce 520(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_SDC4A.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\RunOnce: [Report] C:\AdwCleaner[s1].txt ()

O4 - Startup: C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 09:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

[2013/04/20 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Laabs\Desktop\RK_Quarantine

[2013/04/17 14:48:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Laabs\Desktop\dds.com

[2013/04/16 15:05:29 | 000,000,000 | ---D | C] -- C:\Users\Laabs\AppData\Roaming\Malwarebytes

[2013/04/16 15:05:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/16 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/16 15:05:03 | 000,000,000 | ---D | C] -- C:\Users\Laabs\AppData\Local\Programs

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 09:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/21 09:14:41 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/21 09:12:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/21 09:12:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/21 09:10:59 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/21 09:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laabs\Desktop\OTL.exe

[2013/04/20 21:31:13 | 000,000,216 | ---- | M] () -- C:\crp.vbs

[2013/04/20 20:46:58 | 000,613,083 | ---- | M] () -- C:\Users\Laabs\Desktop\adwcleaner.exe

[2013/04/20 20:11:34 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/20 20:11:34 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/20 20:11:34 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/20 20:10:06 | 000,791,040 | ---- | M] () -- C:\Users\Laabs\Desktop\RogueKillerX64.exe

[2013/04/17 14:48:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Laabs\Desktop\dds.com

[2013/04/16 15:05:17 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/11 03:33:43 | 000,377,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/11 03:32:34 | 002,458,653 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB

[2013/04/09 19:45:05 | 000,001,462 | ---- | M] () -- C:\Users\Laabs\.recently-used.xbel

[2013/04/09 19:21:04 | 002,488,118 | R--- | M] () -- C:\Users\Laabs\Desktop\DSC00544.JPG

[2013/04/09 08:23:36 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021

[2013/04/08 10:29:05 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLAABS-HP$.job

[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/03 03:21:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini

[2013/04/01 19:34:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaabs.job

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/20 21:31:13 | 000,000,216 | ---- | C] () -- C:\crp.vbs

[2013/04/20 20:48:24 | 000,613,083 | ---- | C] () -- C:\Users\Laabs\Desktop\adwcleaner.exe

[2013/04/20 20:20:41 | 000,791,040 | ---- | C] () -- C:\Users\Laabs\Desktop\RogueKillerX64.exe

[2013/04/16 15:05:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/09 19:45:05 | 000,001,462 | ---- | C] () -- C:\Users\Laabs\.recently-used.xbel

[2013/04/09 19:21:03 | 002,488,118 | R--- | C] () -- C:\Users\Laabs\Desktop\DSC00544.JPG

[2012/10/10 08:22:51 | 000,000,290 | ---- | C] () -- C:\ProgramData\SMRResults311.dat

[2012/04/25 14:55:09 | 000,000,106 | ---- | C] () -- C:\Users\Laabs\.gtk-bookmarks

[2011/09/18 13:38:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2011/07/08 14:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011/06/30 18:47:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/06/30 18:47:39 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/06/30 18:47:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/06/30 18:47:39 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/06/30 18:47:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/06/30 18:47:39 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/06/30 18:47:39 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/06/30 18:47:39 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/06/30 18:47:39 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/06/30 18:47:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/06/30 18:47:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/06/30 18:47:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/06/30 18:47:39 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/06/30 18:47:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/06/30 18:47:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/06/30 18:47:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/06/30 18:34:32 | 000,000,117 | ---- | C] () -- C:\Windows\EWF520.ini

[2011/06/07 18:49:49 | 005,943,296 | ---- | C] () -- C:\Windows\SysWow64\Bot.dll

[2011/06/07 18:49:49 | 000,000,101 | ---- | C] () -- C:\Windows\PSXLPR.INI

[2011/06/05 19:02:18 | 000,000,107 | ---- | C] () -- C:\Windows\ka.ini

[2011/06/05 15:20:48 | 000,000,277 | ---- | C] () -- C:\Windows\SysWow64\pserver.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/08 14:56:40 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Epson

[2012/03/05 15:51:38 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\GIRDAC

[2013/04/09 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\gtk-2.0

[2011/12/15 23:09:06 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\IrfanView

[2011/06/30 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Leadertech

[2012/05/11 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Petroglyph

[2012/12/24 09:11:28 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Philipp Winterberg

[2011/07/07 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\PhotoScape

[2011/09/17 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Serif

[2011/12/15 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Softland

[2012/03/05 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\SolidDocuments

[2013/02/03 10:20:28 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\Strongvault

[2012/07/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\wargaming.net

[2011/09/26 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Laabs\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:346465CA

< End of report >

OTL Extras logfile created on: 4/21/2013 9:16:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laabs\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 84.52% Memory free

5.50 Gb Paging File | 5.08 Gb Available in Paging File | 92.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.46 Gb Total Space | 367.23 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Drive G: | 62.87 Mb Total Space | 41.20 Mb Free Space | 65.54% Space Free | Partition Type: FAT

Computer Name: LAABS-HP | User Name: Laabs | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility

"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility

"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility

"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility

"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0693EACA-D33B-43A3-9467-F6A9B60A2802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{0891A2CE-8D67-48B9-B025-D2D11354A272}" = lport=445 | protocol=6 | dir=in | app=system |

"{08926C15-AB62-4AC4-A61C-4A36309309EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{08C00BCA-8393-4326-8BAB-5E9C9B2E56AF}" = lport=137 | protocol=17 | dir=in | app=system |

"{1C1539EB-7C77-496C-AABD-C9ACEC9F00D8}" = lport=10243 | protocol=6 | dir=in | app=system |

"{1C8F5F73-0DDA-45B3-843F-284D9F00C1D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2D9017CB-3446-45C0-AAD8-84FFAC0C986F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{30728465-83D0-4322-A37A-EB333DC710EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{348F2B62-DE64-40BB-8A61-62BC480F5ED8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3AA52DDD-885F-438E-8CAE-A389E80C9FF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{455B3B58-4B2E-4427-ADE0-D9E3F4104C77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6164F34A-47CC-4F0B-8B0E-AE5B4F6841B1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{71403D6F-F0E8-4034-8DAF-C861AF2BC582}" = rport=139 | protocol=6 | dir=out | app=system |

"{8E46CC73-B4C9-4127-9D7A-13D7B03BF04F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{957FEB59-4AC3-49F9-9D69-373A361B389F}" = rport=445 | protocol=6 | dir=out | app=system |

"{99D981BB-66F5-4C7C-B6FB-6DF0E2CB5396}" = rport=138 | protocol=17 | dir=out | app=system |

"{ADE15299-8BFA-42E4-825C-59BB7A008E44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B44EE2CC-E0C8-431F-BA17-8AF12764CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BF9DD4B8-2D6E-4E2A-8772-B13FDB39DC78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C5B3AD57-5F8E-4AE8-BC42-F22CE01E2127}" = lport=139 | protocol=6 | dir=in | app=system |

"{C6BDFC20-DC0C-4E48-9CC8-8C273F879E17}" = lport=138 | protocol=17 | dir=in | app=system |

"{D12E7CA0-72BD-4663-9671-B8C38CF0B811}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E7B07E60-B414-4F1C-BBF4-D30EF6A01EBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{EB9F4216-3887-4EF3-9D2A-2AFFC808AF21}" = rport=137 | protocol=17 | dir=out | app=system |

"{F33EA90D-D99E-4715-B434-DB87771EA2AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06D7AB26-1FE3-410A-B8D5-0A1B9AC8B02E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0A1146F4-939E-4353-864D-3381C43CFC65}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{158CC9C5-84B7-4384-BCF5-99F9AB07DC7D}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |

"{1687FFF0-FF9F-4144-9067-398B5A813779}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{172DF329-6427-4147-9547-B5A764830E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{1A905DFC-D244-47B5-8354-DC566BE9A3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1CB6D2D4-B1DF-4EBE-B15F-A8DAA10134CD}" = protocol=6 | dir=in | app=c:\users\laabs\appdata\local\temp\7zs5305.tmp\symnrt.exe |

"{20917619-AC86-4446-83CB-0AC88F90AAD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{264E516A-CC62-44B9-812A-480C15AE69DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{2AC19040-FC73-4E49-8F1D-6D4D4249BFBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3253BC5E-D563-4862-BFE0-01B21366B1C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{34B1D31F-AF7C-4AED-BC8A-9851CA552397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34E55A01-9AC0-4021-8FD0-8A8C71A5C571}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{38B86140-97B9-447D-BFCA-E0D423B8A9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |

"{3EE685D7-E261-411D-9FE6-88924A5E1981}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{4CDB01CA-2918-4BC1-8882-51E6DA1A68DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4ECDBA8D-1E74-435B-AB03-9B9F244A46A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{528FC862-40F0-44FD-8F40-43CED020BFB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{552FC4CF-A8B5-4FF6-A952-6476B4FBB173}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

"{57216844-B585-427C-84C6-F1745A2EA41D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{5A0D2C43-2B51-4552-A69D-04DB64CC2DFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{5B29CF4E-697B-4DB8-B3C2-E442EB01BED5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5BB7AAD0-BDDF-43AD-B84D-C040D1096B08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{5D6203A4-3B3E-46A1-984C-192E5B04B110}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{5DD55EB5-8532-4DE8-ACA0-C5D38EE1AB73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5EFC03A5-F04B-443C-8F46-48982063395B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{60596C1B-198C-483D-86C6-AE6C6B6CCF31}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{619920D3-3E4F-43D6-B1C5-A1AA97C6E069}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{692B1684-9BF8-479E-9373-58747C2D671F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{6FD39077-BE23-43BB-ACBB-D1871D95F373}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{74D41D82-0DEB-4332-9966-74A9159AD0B1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{7A861A69-ADA4-4A82-94D8-49D4AB08AD8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{7AD27DFC-A98B-4331-BBC2-6783E48D5EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |

"{7C3BE289-A88A-4B87-99A6-8CC4D9774984}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{7F0A4BCD-D14A-4C79-A98B-12BD33B7EA7A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{7F75B415-377B-4BCD-8383-3B5FF18C0552}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |

"{7FAC307E-9896-407E-9FEF-CF6E32457E9F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{8425587C-432D-419F-9B17-B9372BFE4ABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{86A0A51D-8653-4648-92DF-07FDAD096096}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{88BE9B2E-B128-42CD-B35E-9E08CA6EBCD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8B5AF3D8-26AA-4EC0-9DCE-0D4A80B32296}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{92D41597-51A4-4FDE-83DF-D1493C84E515}" = protocol=6 | dir=out | app=system |

"{952D9D10-A65C-4168-A167-8BA7A971F9C1}" = protocol=17 | dir=in | app=c:\users\laabs\appdata\local\temp\7zs5305.tmp\symnrt.exe |

"{95F7755F-DE98-4311-B378-D054A7F06649}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{9B0FCAB4-12FA-419A-9DB0-EDAA4D5E4D12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9F522FF1-2299-4850-B482-7CF0D417561D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A73F672F-85CF-4FEF-B040-0267E04B38DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{ACE490CD-F077-481D-B50F-362F88EA481B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AE62BBC8-0154-4007-9A8C-B0B5CA5C4037}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

"{B13F6401-6862-49B5-8EF3-FBB248B8468E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{B1EEAE40-9F34-422C-AE8F-68976CFC42AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B20959B2-6856-40A8-BB7D-142EE2FA79AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{B66645E6-FE09-4039-BD67-99C7D4F50F64}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{B962548D-DF51-44EB-BD59-A04CFD8B4237}" = protocol=58 | dir=in | app=system |

"{BEB4579D-6270-4FE8-9910-738A3F9C65EE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C180338C-1EB1-41E4-A188-7B29577D56B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C5DDDB22-69B0-47CE-8C58-923BA6AAA508}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CA228AEB-A007-4792-BFF7-7EB417491E07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CD0A909D-C955-4EDD-9E15-5EE985695E63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{CDFC1709-EBBF-4898-9549-247ABD773992}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{D26E9E4B-716A-43ED-8584-A25F996D52E4}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |

"{D2E49938-0D45-4F28-A9C5-6E351845C419}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{DD30B2A0-A6B7-412C-84B0-04C8119AF799}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{E1D3CF18-11BF-4650-96F3-750CBB75B46B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{E56D1C4B-22FF-427F-BAEF-13FE710A81EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{EEBFCD19-3E7B-4274-A1DB-F4AC46D61FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{F2CCE90B-6C82-4BF3-BC76-30F5F1D3B761}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F5F2CFD2-3FE3-4AAB-93B3-31D8D6DE7746}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F695707D-1604-479D-AECE-807954B4D9B3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"TCP Query User{170E8B06-1671-45FB-A496-9F948829F837}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{68D2FC3E-7C4C-466C-A73D-5F6AB78C741E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |

"TCP Query User{B39BCDD4-92AC-4E92-93CE-5E9BACAA9816}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |

"UDP Query User{3AA09CED-B389-40BC-AFD2-34BD29997944}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |

"UDP Query User{D67727A8-4BB0-437E-89B8-97514BE430DB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{E2A89C79-BEEC-4568-8621-780A6CA3EF36}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall

"GIRDAC Port" = GIRDAC Port

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"RealVNC_is1" = VNC Enterprise Edition E4.5.3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix

"{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio

"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup

"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup

"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption

"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101

"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A6D1A6E1-8A6B-4C49-8FF5-2AFEDFBFE4FA}" = Star Wars Empire at War Forces of Corruption Demo

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B16CC6D4-F1FB-4BA2-9E8C-66F693AC9E7A}" = Cabela`s Outdoor Adventures

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"ATT-SST" = AT&T Troubleshoot & Resolve Tool

"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1

"Free RAR Extract Frog" = Free RAR Extract Frog

"GIRDAC Free PDF Creator" = GIRDAC Free PDF Creator

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"My HP Game Console" = HP Game Console

"N360" = Norton 360

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PDF Complete" = PDF Complete Corporate Edition

"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.7

"PrintServer Utilities" = PrintServer Utilities

"RealPlayer 16.0" = RealPlayer

"Republic at War 1.1" = Republic at War 1.1

"Trophy Hunter 2003_is1" = Trophy Hunter 2003 - Rocky Mountain Adventures

"WildTangent hp Master Uninstall" = HP Games

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089299" = Mystery P.I. - The London Caper

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"Yahoo! Companion" = att.net Toolbar

"Yahoo! Mail" = att.net Internet Mail

"Yahoo! Software Update" = Yahoo! Software Update

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Laabs

"SOE-Clone Wars" = Clone Wars

"SOE-Free Realms" = Free Realms

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 470187

Error - 4/16/2013 10:01:41 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 470187

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 485787

Error - 4/16/2013 10:01:56 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 485787

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 500654

Error - 4/16/2013 10:02:11 AM | Computer Name = Laabs-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 500654

Error - 4/17/2013 4:16:38 PM | Computer Name = Laabs-HP | Source = RasClient | ID = 20227

Description =

[ Hewlett-Packard Events ]

Error - 8/6/2012 3:28:30 PM | Computer Name = Laabs-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/23adf72c_dd8c_4566_8348_50eb35cdffcd/jb+wwgrwh_+sbksyh6q_yoxp_15.rem'

has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 2815 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/20/2012 3:27:19 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/26/2012 11:42:50 PM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 8/27/2012 12:12:49 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/27/2012 4:00:29 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/27/2012 12:00:03 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/27/2012 8:24:27 AM | Computer Name = Laabs-HP | Source = HPSF.exe | ID = 4000

Description =

[ System Events ]

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:57 AM | Computer Name = Laabs-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/21/2013 10:14:59 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:08 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:13 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

Error - 4/21/2013 10:15:13 AM | Computer Name = Laabs-HP | Source = DCOM | ID = 10005

Description =

< End of report >


Can you post the log from Malwarebytes that shows what was cleaned when you ran it?

---------------------

Please do this:

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - No CLSID value found

IE - HKU\S-1-5-21-4272652656-438244758-189266899-1001\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No CLSID value found.

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [WorkForce 520(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_SDC4A.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\RunOnce: [Report] C:\AdwCleaner[s1].txt ()

O4 - Startup: C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:346465CA

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

- Then click the Run Fix button at the top.

- Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".

- Please post that log in your next reply. Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.16.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Laabs :: LAABS-HP [administrator]

4/16/2013 3:12:37 PM

mbam-log-2013-04-16 (15-12-37).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 438622

Time elapsed: 1 hour(s), 29 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Laabs\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bb45ef8e-1e36-4535-a017-ec908fb1e335} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\ not found.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335}\ not found.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WorkForce 520(Network) deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report deleted successfully.

C:\AdwCleaner[s1].txt moved successfully.

C:\Users\Laabs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\Temp:346465CA deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Laabs

User: LocalService

User: NetworkService

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Laabs

->Temp folder emptied: 18024971 bytes

->Temporary Internet Files folder emptied: 53423476 bytes

->Flash cache emptied: 779273 bytes

User: LocalService

User: NetworkService

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 80403 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 4274768490 bytes

Total Files Cleaned = 4,146.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Laabs

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04212013_102414


Any difference? If not, please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-04-21.01 - Laabs 04/21/2013 14:19:48.1.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2206 [GMT -5:00]

Running from: c:\users\Laabs\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk

C:\Thumbs.db

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

.

.

((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))

.

.

2013-04-21 19:24 . 2013-04-21 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-21 15:24 . 2013-04-21 15:24 -------- d-----w- C:\_OTL

2013-04-21 02:31 . 2013-04-21 02:31 216 ----a-w- C:\crp.vbs

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\programdata\Malwarebytes

2013-04-16 20:05 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-16 20:05 . 2013-04-16 20:05 -------- d-----w- c:\users\Laabs\AppData\Local\Programs

2013-04-10 12:54 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-08 23:39 . 2013-04-09 13:23 -------- d-----w- c:\windows\system32\drivers\N360x64\1403010.016

2013-03-26 12:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-12 22:12 . 2012-10-20 01:02 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 22:12 . 2012-10-20 01:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-12 21:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-12 21:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-12 21:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-12 21:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-12 21:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-12 21:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-03 15:25 . 2010-09-21 23:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-02-03 15:25 . 2010-09-21 23:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-12 567320]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SMessaging"="c:\users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-02-03 295072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"OTL"="c:\users\Laabs\Desktop\OTL.exe" [2013-04-21 602112]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

StrongVaultApp.exe [2012-9-7 359424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvia64.sys [2012-10-09 513184]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-13 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-13 128512]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

R2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2013-02-25 369152]

R2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2013-02-25 460288]

R2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2013-02-25 342528]

R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-10-12 818200]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]

R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-10 138912]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 22:12]

.

2013-04-08 c:\windows\Tasks\HPCeeScheduleForLAABS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-04-02 c:\windows\Tasks\HPCeeScheduleForLaabs.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-02-25 2792448]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)

WebBrowser-{BB45EF8E-1E36-4535-A017-EC908FB1E335} - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-21 14:26:30

ComboFix-quarantined-files.txt 2013-04-21 19:26

.

Pre-Run: 398,576,795,648 bytes free

Post-Run: 398,450,606,080 bytes free

.

- - End Of File - - 4C1E301A055A956B10B2062C2EB5688B


OK....do this: (64bit version)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC


Sorry, I do not see where to attach a file, so I copy/pasted both here.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01

Ran by Laabs (administrator) on 21-04-2013 16:10:02

Running from C:\Users\Laabs\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Network

==================== Processes (Whitelisted) =================

(Microsoft Corporation) [1216] C:\Windows\system32\ctfmon.exe

(Farbar) [1728] C:\Users\Laabs\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()

HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2792448 2013-02-25] (Alcatel-Lucent)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [567320 2010-10-12] (PDF Complete Inc)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295072 2013-02-03] (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

Toolbar: HKCU - No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

PDF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab

PDF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-02-25] (Alcatel-Lucent)

S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [818200 2010-10-12] (PDF Complete Inc)

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-10] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-10] (Symantec Corporation)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSvia64.sys [513184 2012-10-09] (Symantec Corporation)

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\ENG64.SYS [126192 2013-02-28] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130413.016\EX64.SYS [2087664 2013-02-28] (Symantec Corporation)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-10] (Symantec Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S1 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1403010.016\ccSetx64.sys [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\1403010.016\SRTSP64.SYS [x]

S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\1403010.016\SRTSPX64.SYS [x]

R0 SymDS; system32\drivers\N360x64\1403010.016\SYMDS64.SYS [x]

R0 SymEFA; system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [x]

S1 SymIRON; \SystemRoot\system32\drivers\N360x64\1403010.016\Ironx64.SYS [x]

S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-21 16:09 - 2013-04-21 16:09 - 00000000 ____D C:\FRST

2013-04-21 16:09 - 2013-04-21 16:05 - 01707098 ____A (Farbar) C:\Users\Laabs\Desktop\FRST64.exe

2013-04-21 14:26 - 2013-04-21 14:26 - 00017061 ____A C:\ComboFix.txt

2013-04-21 14:18 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe

2013-04-21 14:18 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe

2013-04-21 14:18 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe

2013-04-21 14:18 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe

2013-04-21 14:17 - 2013-04-21 14:26 - 00000000 ____D C:\Qoobox

2013-04-21 14:17 - 2013-04-21 14:25 - 00000000 ____D C:\Windows\erdnt

2013-04-21 11:22 - 2013-04-21 11:09 - 05057323 ____R (Swearware) C:\Users\Laabs\Desktop\ComboFix.exe

2013-04-21 10:28 - 2013-04-21 10:29 - 00010180 ____A C:\Users\Laabs\Desktop\04212013_102414.log

2013-04-21 10:24 - 2013-04-21 10:24 - 00000000 ____D C:\_OTL

2013-04-21 09:15 - 2013-04-21 09:10 - 00602112 ____A (OldTimer Tools) C:\Users\Laabs\Desktop\OTL.exe

2013-04-20 21:40 - 2013-04-20 21:40 - 00005722 ____A C:\AdwCleaner[R2].txt

2013-04-20 21:31 - 2013-04-20 21:31 - 00000216 ____A C:\crp.vbs

2013-04-20 20:48 - 2013-04-20 20:48 - 00005709 ____A C:\AdwCleaner[R1].txt

2013-04-20 20:48 - 2013-04-20 20:46 - 00613083 ____A C:\Users\Laabs\Desktop\adwcleaner.exe

2013-04-20 20:21 - 2013-04-20 20:22 - 00000000 ____D C:\Users\Laabs\Desktop\RK_Quarantine

2013-04-20 20:20 - 2013-04-20 20:10 - 00791040 ____A C:\Users\Laabs\Desktop\RogueKillerX64.exe

2013-04-16 15:05 - 2013-04-16 15:05 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 15:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-16 15:01 - 2013-04-16 15:04 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Laabs\Downloads\mbam-setup-1.75.0.1300.exe

2013-04-11 03:01 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-11 03:01 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-11 03:01 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-11 03:01 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-11 03:01 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-11 03:01 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-11 03:01 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-11 03:01 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-11 03:01 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-11 03:01 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-11 03:01 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-11 03:01 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-11 03:01 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-11 03:01 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-11 03:01 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-11 03:01 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-11 03:01 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-11 03:01 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-11 03:01 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-11 03:01 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-11 03:01 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-11 03:01 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-11 03:01 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-11 03:01 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-11 03:01 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-11 03:01 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-11 03:01 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-11 03:01 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-10 07:54 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 07:54 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 07:54 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-10 07:54 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-10 07:54 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-10 07:54 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 07:54 - 2013-03-02 01:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-10 07:54 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 07:54 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-10 07:54 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-10 07:54 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-10 07:54 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-10 07:54 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-10 07:54 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-10 07:54 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-09 19:45 - 2013-04-09 19:45 - 00001462 ____A C:\Users\Laabs\.recently-used.xbel

2013-03-26 07:25 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

==================== One Month Modified Files and Folders =======

2013-04-21 16:09 - 2013-04-21 16:09 - 00000000 ____D C:\FRST

2013-04-21 16:05 - 2013-04-21 16:09 - 01707098 ____A (Farbar) C:\Users\Laabs\Desktop\FRST64.exe

2013-04-21 15:11 - 2012-10-19 20:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-21 14:53 - 2013-02-03 10:20 - 00000000 ____D C:\Users\Laabs\AppData\Local\Strongvault Online Backup

2013-04-21 14:51 - 2011-03-10 21:05 - 00763356 ____A C:\Windows\PFRO.log

2013-04-21 14:51 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-21 14:51 - 2009-07-13 23:51 - 00064042 ____A C:\Windows\setupact.log

2013-04-21 14:26 - 2013-04-21 14:26 - 00017061 ____A C:\ComboFix.txt

2013-04-21 14:26 - 2013-04-21 14:17 - 00000000 ____D C:\Qoobox

2013-04-21 14:26 - 2012-03-05 15:50 - 00000000 ____D C:\users\NetworkService

2013-04-21 14:26 - 2012-03-05 15:50 - 00000000 ____D C:\users\LocalService

2013-04-21 14:25 - 2013-04-21 14:17 - 00000000 ____D C:\Windows\erdnt

2013-04-21 14:24 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini

2013-04-21 11:09 - 2013-04-21 11:22 - 05057323 ____R (Swearware) C:\Users\Laabs\Desktop\ComboFix.exe

2013-04-21 11:06 - 2011-03-10 17:39 - 02071082 ____A C:\Windows\WindowsUpdate.log

2013-04-21 10:29 - 2013-04-21 10:28 - 00010180 ____A C:\Users\Laabs\Desktop\04212013_102414.log

2013-04-21 10:24 - 2013-04-21 10:24 - 00000000 ____D C:\_OTL

2013-04-21 09:12 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-21 09:10 - 2013-04-21 09:15 - 00602112 ____A (OldTimer Tools) C:\Users\Laabs\Desktop\OTL.exe

2013-04-21 09:10 - 2009-07-13 23:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-20 21:40 - 2013-04-20 21:40 - 00005722 ____A C:\AdwCleaner[R2].txt

2013-04-20 21:31 - 2013-04-20 21:31 - 00000216 ____A C:\crp.vbs

2013-04-20 20:48 - 2013-04-20 20:48 - 00005709 ____A C:\AdwCleaner[R1].txt

2013-04-20 20:46 - 2013-04-20 20:48 - 00613083 ____A C:\Users\Laabs\Desktop\adwcleaner.exe

2013-04-20 20:22 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Laabs\Desktop\RK_Quarantine

2013-04-20 20:13 - 2012-06-04 18:36 - 00000000 ____D C:\Users\Laabs\Documents\Emily

2013-04-20 20:11 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-20 20:10 - 2013-04-20 20:20 - 00791040 ____A C:\Users\Laabs\Desktop\RogueKillerX64.exe

2013-04-16 15:05 - 2013-04-16 15:05 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Malwarebytes

2013-04-16 15:05 - 2013-04-16 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-16 15:04 - 2013-04-16 15:01 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Laabs\Downloads\mbam-setup-1.75.0.1300.exe

2013-04-14 13:36 - 2011-06-05 18:57 - 00000000 ____D C:\Users\Laabs\AppData\Local\CrashDumps

2013-04-13 17:18 - 2011-06-05 14:31 - 00000000 ____D C:\Users\Laabs\Documents\PTA

2013-04-11 03:33 - 2012-11-04 11:44 - 00000000 ____D C:\Windows\Minidump

2013-04-11 03:33 - 2009-07-13 23:45 - 00377448 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-11 03:32 - 2011-03-10 21:05 - 00286934 ____N C:\Windows\Minidump\041113-80324-01.dmp

2013-04-09 19:46 - 2012-03-05 15:50 - 00000000 ____D C:\GIRDAC-PDF Output

2013-04-09 19:45 - 2013-04-09 19:45 - 00001462 ____A C:\Users\Laabs\.recently-used.xbel

2013-04-09 19:45 - 2011-06-05 13:46 - 00000000 ____D C:\users\Laabs

2013-04-09 19:44 - 2011-08-10 19:17 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\gtk-2.0

2013-04-09 19:21 - 2011-08-10 19:16 - 00000000 ____D C:\Users\Laabs\.gimp-2.6

2013-04-09 08:23 - 2012-07-09 15:57 - 00000000 ____D C:\Windows\System32\Drivers\N360x64

2013-04-08 14:37 - 2011-06-06 17:22 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-04-08 14:36 - 2011-11-07 16:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-04-08 14:35 - 2011-06-06 17:20 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\HP Support Assistant

2013-04-08 14:35 - 2011-06-06 17:09 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\HpUpdate

2013-04-08 10:29 - 2011-07-13 03:20 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForLAABS-HP$.job

2013-04-07 16:13 - 2012-08-28 12:50 - 00000000 ____D C:\Users\Laabs\Documents\Cheer

2013-04-04 14:50 - 2013-04-16 15:05 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-01 19:34 - 2011-06-13 17:55 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForLaabs.job

2013-03-30 08:08 - 2011-03-10 21:05 - 00286102 ____N C:\Windows\Minidump\033013-46363-01.dmp

2013-03-24 16:33 - 2013-02-03 10:25 - 00000000 ____D C:\Users\Laabs\AppData\Roaming\Real

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-14 12:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01

Ran by Laabs at 2013-04-21 16:11:15 Run:

Running from C:\Users\Laabs\Desktop

Boot Mode: Network

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 1.5.3.9130)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Agatha Christie - Peril at End House (Version: 2.2.0.95)

Apple Application Support (Version: 2.2.2)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (Version: 2.1.3.127)

AT&T Troubleshoot & Resolve Tool

ATI Catalyst Install Manager (Version: 3.0.774.0)

att.net Internet Mail

att.net Toolbar

Bejeweled 2 Deluxe (Version: 2.2.0.95)

Bing Bar (Version: 7.1.361.0)

Bing Rewards Client Installer (Version: 16.0.345.0)

Blackhawk Striker 2 (Version: 2.2.0.95)

Blasterball 3 (Version: 2.2.0.95)

Blio (Version: 2.0.5350)

Bonjour (Version: 3.0.0.10)

Bounce Symphony (Version: 2.2.0.95)

Build-a-lot 2 (Version: 2.2.0.95)

Cabela`s Outdoor Adventures (Version: 1.0.0)

Cake Mania (Version: 2.2.0.95)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)

Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)

Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)

CCC Help Chinese Standard (Version: 2010.0511.2152.37435)

CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)

CCC Help Czech (Version: 2010.0511.2152.37435)

CCC Help Danish (Version: 2010.0511.2152.37435)

CCC Help Dutch (Version: 2010.0511.2152.37435)

CCC Help English (Version: 2010.0511.2152.37435)

CCC Help Finnish (Version: 2010.0511.2152.37435)

CCC Help French (Version: 2010.0511.2152.37435)

CCC Help German (Version: 2010.0511.2152.37435)

CCC Help Greek (Version: 2010.0511.2152.37435)

CCC Help Hungarian (Version: 2010.0511.2152.37435)

CCC Help Italian (Version: 2010.0511.2152.37435)

CCC Help Japanese (Version: 2010.0511.2152.37435)

CCC Help Korean (Version: 2010.0511.2152.37435)

CCC Help Norwegian (Version: 2010.0511.2152.37435)

CCC Help Polish (Version: 2010.0511.2152.37435)

CCC Help Portuguese (Version: 2010.0511.2152.37435)

CCC Help Russian (Version: 2010.0511.2152.37435)

CCC Help Spanish (Version: 2010.0511.2152.37435)

CCC Help Swedish (Version: 2010.0511.2152.37435)

CCC Help Thai (Version: 2010.0511.2152.37435)

CCC Help Turkish (Version: 2010.0511.2152.37435)

ccc-core-static (Version: 2010.0511.2153.37435)

ccc-utility64 (Version: 2010.0511.2153.37435)

Chuzzle Deluxe (Version: 2.2.0.95)

Chuzzle Deluxe 1.01

Clone Wars

Coupon Printer for Windows (Version: 5.0.0.1)

CyberLink DVD Suite Deluxe (Version: 7.0.3210)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)

Dora's World Adventure (Version: 2.2.0.95)

DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)

Epson Event Manager (Version: 2.40.0001)

Epson FAX Utility (Version: 1.10.00)

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 520 Series Printer Uninstall

EpsonNet Print (Version: 2.4j)

EpsonNet Setup 3.3 (Version: 3.3b)

Escape Rosecliff Island (Version: 2.2.0.95)

Farm Frenzy (Version: 2.2.0.95)

FATE (Version: 2.2.0.95)

Final Drive Nitro (Version: 2.2.0.95)

Free M4a to MP3 Converter 7.1

Free RAR Extract Frog (Version: 4.70)

Free Realms

GIMP 2.6.11 (Version: 2.6.11)

GIRDAC Free PDF Creator (Version: 3.0.1.1)

GIRDAC Port

Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

HP Auto (Version: 1.0.12494.3472)

HP Client Services (Version: 1.0.12656.3472)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Game Console

HP Games (Version: 1.0.1.5)

HP MediaSmart DVD (Version: 4.2.4521)

HP MediaSmart Music (Version: 4.2.4517)

HP MediaSmart Photo (Version: 4.2.4513)

HP MediaSmart SmartMenu (Version: 3.1.2.4)

HP MediaSmart Video (Version: 4.2.4522)

HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)

HP MovieStore (Version: 1.0.027)

HP MovieStore (Version: 2.0.2)

HP Odometer (Version: 2.10.0000)

HP Setup (Version: 8.4.4400.3525)

HP Setup Manager (Version: 1.0.12844.3519)

HP Support Assistant (Version: 7.0.39.15)

HP Support Information (Version: 10.1.1000)

HP Update (Version: 5.002.003.003)

HP Vision Hardware Diagnostics (Version: 2.1.6.0)

iTunes (Version: 10.7.0.21)

Jewel Quest Solitaire 2 (Version: 2.2.0.95)

JumpStart World Presents Pet Playground

Junk Mail filter update (Version: 15.4.3502.0922)

Kobo (Version: 1.6)

LabelPrint (Version: 2.5.3130)

LightScribe System Software (Version: 1.18.15.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.60.253.0)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Mystery P.I. - The London Caper (Version: 2.2.0.95)

Norton 360 (Version: 20.3.1.22)

Norton Online Backup (Version: 2.1.17869)

PDF Complete Corporate Edition (Version: 3.5.307)

Penguins! (Version: 2.2.0.95)

PhotoNow! (Version: 1.1.7717)

Pirate101 (Version: 1.0.0)

Pivot Stickfigure Animator version 2.2.7 (Version: 2.2.7)

Plants vs. Zombies (Version: 2.2.0.95)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (Version: 1.3.0)

Poker Superstars III (Version: 2.2.0.95)

Polar Bowler (Version: 2.2.0.95)

Polar Golfer (Version: 2.2.0.95)

Power2Go (Version: 6.1.4329)

PowerDirector (Version: 8.0.3129)

PressReader (Version: 5.10.621.0)

PrintServer Utilities

RealDownloader (Version: 1.3.0)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

Realtek High Definition Audio Driver (Version: 6.0.1.6196)

RealUpgrade 1.1 (Version: 1.1.0)

Recovery Manager (Version: 5.5.3219)

Republic at War 1.1

ROBLOX Player for Laabs

RoxioNow Player (Version: 1.9.5.101)

Serif PagePlus Starter Edition (Version: 2.0.2.009)

Skype™ 5.10 (Version: 5.10.116)

Star Wars Empire at War (Version: 1.0)

Star Wars Empire at War Forces of Corruption (Version: 1.0)

Star Wars Empire at War Forces of Corruption Demo (Version: 1.0)

Strongvault Online Backup (Version: 1.0.1.0)

Strongvault Online Backup (Version: 5.0.2.34)

Trophy Hunter 2003 - Rocky Mountain Adventures

Unity Web Player (Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Virtual Families (Version: 2.2.0.95)

Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)

VNC Enterprise Edition E4.5.3 (Version: E4.5.3)

Wheel of Fortune 2 (Version: 2.2.0.95)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3502.0922)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Wizard101 (Version: 1.0.0)

World of Tanks

Yahoo! Software Update

Zinio Reader 4 (Version: 4.0.3184)

Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points =========================

07-04-2013 22:09:49 Scheduled Checkpoint

11-04-2013 08:00:47 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe FE Family Controller

Description: Realtek PCIe FE Family Controller

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: RTL8167

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/21/2013 02:18:04 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (04/21/2013 02:18:04 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (04/21/2013 02:18:04 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (04/21/2013 11:04:25 AM) (Source: RasClient) (User: )

Description: CoId={CF4A6265-1090-4D6A-A7D2-6E2E16B21D35}: The user Laabs-HP\Laabs dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/17/2013 03:16:38 PM) (Source: RasClient) (User: )

Description: CoId={691F5BB6-C261-40E9-861D-F79958E039A4}: The user Laabs-HP\Laabs dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 485787

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 485787

System errors:

=============

Error: (04/21/2013 04:09:37 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/21/2013 04:09:37 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/21/2013 04:09:32 PM) (Source: DCOM) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/21/2013 04:09:25 PM) (Source: DCOM) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (04/21/2013 04:09:22 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (04/21/2013 02:18:04 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (04/21/2013 02:18:04 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (04/21/2013 02:18:04 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (04/21/2013 11:04:25 AM) (Source: RasClient)(User: )

Description: {CF4A6265-1090-4D6A-A7D2-6E2E16B21D35}Laabs-HP\LaabsBroadband Connection651

Error: (04/17/2013 03:16:38 PM) (Source: RasClient)(User: )

Description: {691F5BB6-C261-40E9-861D-F79958E039A4}Laabs-HP\LaabsBroadband Connection651

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 500654

Error: (04/16/2013 09:02:11 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 485787

Error: (04/16/2013 09:01:56 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 485787

CodeIntegrity Errors:

===================================

Date: 2013-04-21 14:24:32.204

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-21 14:24:32.017

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 2815.29 MB

Available physical RAM: 2307.93 MB

Total Pagefile: 5628.75 MB

Available Pagefile: 5140.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:371.06 GB) NTFS (Disk=0 Partition=2)

Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.62 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive g: () (Removable) (Total:0.06 GB) (Free:0.04 GB) FAT (Disk=2 Partition=1)

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 63 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 606EA97A

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 452 GB 101 MB

Partition 3 Primary 13 GB 452 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 452 GB Healthy Boot

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D HP_RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 0108FC2E

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 63 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 G FAT Removable 63 MB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (Size: 466 GB) (Disk ID: 606EA97A)

Partition 1: (Active) - (Size=100 MB) - (Type=07) (NTFS)

Partition 2: (Not Active) - (Size=452 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07) (NTFS)

====================================================================

Disk: 2 (Size: 63 MB) (Disk ID: 0108FC2E)

Partition 1: (Active) - (Size=63 MB) - (Type=06)


It has to be one of your programs that runs in normal mode but not in safe mode.

Attached is a small app called Starter; download, unzip and install it.

Play around with it by disabling items in the Startups tab.

See if you can pin down what program is causing it.

These are most of the items you'll see running: (the ones in red are ones I suspect)

O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)

Let me know....MrC
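A defender's first pass over the Run-key lines quoted in the reply above, as an added example that is not part of the original post: it parses the `O4` lines and lists reasons an entry deserves a closer look. The three heuristics (user-writable path, empty publisher field, per-user Run key) are assumptions chosen for illustration; they do not reproduce the poster's red highlighting, which the page no longer shows.

```python
import re
from typing import Dict, List, NamedTuple

# A subset of the Run-key lines from the reply above, copied verbatim.
SAMPLE = r"""
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [sMessaging] C:\Users\Laabs\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4272652656-438244758-189266899-1001..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)
"""


class RunEntry(NamedTuple):
    is_64bit: bool   # line carried the ":64bit:" marker
    hive: str        # e.g. HKLM or HKU\S-1-5-21-...
    name: str        # value name inside the Run key
    path: str        # executable launched at logon
    publisher: str   # company name from the log; may be empty


# O4[:64bit:] - <hive>..\Run: [<name>] <path> (<publisher>)
LINE_RE = re.compile(
    r"^O4(?::(64bit):)? - (HK[^.]+)\.\.\\Run: \[([^\]]+)\] (.+) \(([^()]*)\)$"
)

# Assumption: path fragments a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse every O4 Run line in the log text; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m.group(1) is not None, m.group(2),
                                    m.group(3), m.group(4), m.group(5).strip()))
    return entries


def triage(entry: RunEntry) -> List[str]:
    """Return reasons to inspect an entry; an empty list means none fired."""
    reasons = []
    if any(part in entry.path.lower() for part in USER_WRITABLE):
        # The binary can be replaced without elevation.
        reasons.append("user_writable_path")
    if not entry.publisher:
        # No company name recorded for the file.
        reasons.append("no_publisher")
    if entry.hive.upper().startswith("HKU\\S-1-5-21-"):
        # Per-user Run key: the account itself can add or change the value.
        reasons.append("per_user_run_key")
    return reasons


def review(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to the heuristics that fired for it."""
    flagged = {}
    for entry in parse_run_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a prompt to check the file's signature and origin, not a verdict on the program.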


Okay, so hypothetically speaking (well, not really hypothetical) if you end up with everything unchecked and it's STILL doing it, am I SOL?! I uninstalled a few recent programs that I don't particularly remember doing myself and I've also methodically unchecked programs on the starter program you gave me. The computer is acting the same.


Try a clean boot:

http://support.microsoft.com/kb/929135

Here it is>>>>>>

How to determine what is causing the problem by clean boot

Windows Vista and Windows 7

A: Log on to the computer by using an account that has administrator rights.

B: Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.

If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.


C: Click the Services tab, and then click to select the Hide all Microsoft services check box.

D: Click to select half of the check boxes in the Service list.

E: Click OK, and then click Restart.

F: After the computer finishes restarting, determine whether the problem still occurs.

If the problem still occurs, repeat steps 2a through 2e, but clear half of the checked boxes in the Service list that you originally selected.

If the problem does not occur, repeat steps 2a through 2e, selecting only half of the remaining check boxes that are cleared in the Service list. Repeat these steps until you have selected all the check boxes.

If you still experience the problem after only one service is selected in the Service list, this means that the selected service causes the problem. Go to step 2j. If no service causes this problem, go to step 2g.

G: Perform a clean boot by repeating steps 2a and 2b.

H: Click the Startup tab, and then click to select half of the check boxes in the Startup Item list.

I: Click OK, and then click Restart.

If the problem still occurs, repeat steps 2g and 2h, but clear half of the checked boxes in the Startup Item list that you originally selected.

If the problem does not occur, repeat steps 2g and 2h, selecting only half of the remaining check boxes that are cleared in the Startup Item list. Repeat these steps until you have selected all the check boxes.

If you still experience the problem after only one Startup Item is selected in the Startup Item list, this means that the selected Startup Item causes the problem. Go to Step 2j. If no Startup Item causes this problem, a Microsoft service probably causes the problem. To determine which Microsoft service may be causing the problem, repeat steps 2a through 2f without selecting the Hide all Microsoft services check box in either step.

J: After you determine the startup item or the service that causes the problem, contact the program manufacturer to determine whether the problem can be resolved. Or, run the System Configuration utility, and then click to clear the check box for the problem item.

Let me know.....MrC


Well...thanks very much. It was Norton 360. So I uninstalled and reinstalled Norton and during that process, it asked me to remove Malwarebytes! Seems the two were conflicting and that makes sense, considering I just downloaded MBAM a week or so ago. I don't believe they should conflict, right? I'm running both with no problem on the laptop.

Thanks SOOOOO much for your help! I will be sure to contribute to the cause... you saved me at least $75!!
