dml

Member
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About dml

  • Rank
    Member
  1. No all is working fine. So does that wrap it up? How do I keep this from happening again?
  2. seems to be working well, except there are 2 incidents of being unable to retrieve info from 1st gadget with weather cannot find any locations therefgore no temps, second my heatlh insurace site opens but will not let me open any claims from there- may not even be related but has been this way for several days.
  3. It seems to be running quite well Thank You for your help
  4. I did finally get it, shoul I still run a new OTL log?
  5. You said to be patience on the JRT log approx how long , is there a way to tell if its froze
  6. unable to quentine or remove Emsisoft Emergency Kit - Version 3.0 Last update: N/A Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 3/2/2013 2:02:40 PM \DosDevices\PhysicalDrive0 detected: Heuristic.Possible.MBR.Rootkit (A) C:\Program Files (x86)\Discount Buddy\Uninstall.exe detected: Packed.Win32.ScrambleWrapper.AMN (A) Scanned 504983 Found 2 Scan end: 3/2/2013 3:23:00 PM Scan time: 1:20:20 C:\Program Files (x86)\Discount Buddy\Uninstall.exe Quarantined Packed.Win32.ScrambleWrapper.AMN (A) Quarantined 1 OTL Extras logfile created on: 3/2/2013 3:51:16 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free 3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BC5E76-C6DF-4E77-8F76-97DCE95ABDB3}" = rport=2869 | protocol=6 | dir=out | app=system | "{16D13A33-5225-4BF9-B519-185D249C45B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{218ACA1A-87DC-4147-9F10-BC19CBE4AE5C}" = rport=137 | protocol=17 | dir=out | app=system | "{28972538-46D6-4001-A521-541D40EB88AA}" = rport=10243 | protocol=6 | dir=out | app=system | "{3FBDC6D9-3153-406B-AF93-77AB08F6A1FE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{48C2577D-4B79-4BFC-86CB-368D1F0B3C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4C14DFEE-AB82-42E9-8738-42F7946EF46A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59F1C414-DF4D-491B-9E2C-8E729EE5BDA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5D1422D0-81FD-4ACD-ADB2-1D34AE9BF944}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{661D3A98-C7A9-4548-9926-8338E2CF3BF6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7088BDCF-5394-4F8E-8582-CFA4C46DFB7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EDC9EEC-AC75-422B-BB80-37C0379602DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{871B47C6-787A-4C77-9E8A-2F388BD25440}" = lport=10243 | protocol=6 | dir=in | app=system | "{899DFCEA-0620-4C90-834A-FF32AC3B8F6E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8E3E1076-AA33-47BC-98E1-751D703895CE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{94DA6173-996F-4550-8D38-B9EC8468A7B3}" = rport=138 | protocol=17 | dir=out | app=system | "{95FB2C6E-F775-4222-AB6A-07C104B89DCA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9D44703E-539C-4593-9533-452E23D8547E}" = lport=137 | protocol=17 | dir=in | app=system | "{9F02EA79-CE9A-412C-90F1-44BDEC77ED29}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A57E084D-7130-48AA-B633-90F6C5063398}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A73CFA92-981E-4E70-BAC8-01AF179EAFCC}" = rport=139 | protocol=6 | dir=out | app=system | "{A9547648-999C-43BD-A5E1-298876805D5E}" = lport=139 | protocol=6 | dir=in | app=system | "{AC4B7DEE-31EC-4771-8905-DF9F17757F45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B6036A65-029E-44EA-BF53-71256DD863E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B636BA59-2303-450E-89A2-2FB374E10001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B6D87C6A-EC13-428B-B10D-A2101C7EA0DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B6ECF73C-6963-41EF-AF4E-422E68CC5DA1}" = lport=445 | protocol=6 | dir=in | app=system | "{BED5E023-A973-4DD0-89F1-41B228FC199B}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5FB6564-3AB1-4185-B694-E0830ABD0CC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0634469-6122-405B-9A8C-66F22CEE40DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E1CF1F9B-92D6-4B72-8591-2B05D4AD27F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E25D65C3-89F1-4EB6-8C5E-041D6A2D92D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4016A3A-B8A6-47C2-8363-28F1B674D709}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EC39EE95-9852-4D51-99FB-E9EC86FEF0FD}" = rport=445 | protocol=6 | dir=out | app=system | "{F3E9A7C7-55DE-4311-B8FE-500C7D0D7E1D}" = lport=138 | protocol=17 | dir=in | app=system | "{F5B0EB12-345E-4657-92C1-DEFB8F9EAD32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F60CC3E0-EF08-4C7A-8FB7-8D6F247C704D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07672692-4BF3-42D0-94F9-8A8659EB5AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{14D07F07-F698-47E0-8B3E-7873126BEB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{18D0DF86-EACB-40E3-93EA-1D9007EE16FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{1BDFC647-21B0-47F0-BDCD-39AAEEAD6181}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1C8BDA31-7F51-436B-B2ED-E7ABD85D7757}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1E03FEE4-DC47-488B-A577-09EDDF5942E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2355E435-81E9-4783-8A6F-6921342286F8}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{26CABD83-ACC4-4ACA-B0EA-6B8DAE8A00ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{28A7A94E-F92B-458C-B3F9-42E463E49B4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{36446CEE-ED20-4936-AA27-8AE59753BE59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{37A3189E-D2CA-4EF1-BA32-EFDFD3C90E64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3ABB3028-FD8B-4D1B-A3B2-FF719AD62ECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4649C50D-8BFE-4335-8A22-653A1D9E8A73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{4B4B4E50-D4DE-4EBB-95FA-28CEB7DCB929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CBB3CBF-67D8-48CA-B76F-03F78E31604F}" = protocol=1 | dir=out | [email protected],-28544 | "{4E2B87F8-2B67-4C1D-8A50-F9F47B50DBC0}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{4F6CCAAE-75ED-4AE5-B70F-ACD9C12BB7E4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{543C08E8-7D9D-4881-B971-8DAE04EC6831}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{5550A930-F6B1-4554-8D91-480FF5A90D9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{570EFBA1-A22E-41DF-A7F2-D82414437C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{576ADC4C-C0A7-4267-B987-82670ACADAAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{584FF8A9-263C-4A7C-A52B-40A31FA55C15}" = protocol=58 | dir=out | [email protected],-28546 | "{6712E082-1918-496D-A042-7FED59EDF7CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6BF2F48E-229B-4B3E-8415-43970EE1B6A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{6D00C5B7-7747-4C72-BA38-1CBD6ACE4A3B}" = dir=in | app=c:\users\dml720\appdata\local\temp\7zs2159\setup\hpznui40.exe | "{6D7A38FB-D54F-4386-AB65-7BD2826A9442}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{6ECE57B6-C034-4FC9-B077-9B7ADEFB4483}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{708A373E-85D9-4786-B2D0-3E17797583E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{736A5542-7B25-423E-9AAC-78E45DAA1210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{73B27B61-50E6-4706-AD71-DD7FADD9B3C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{7B051EA2-C6E4-4E69-8CA4-EEE71906403A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{7DA30011-C186-48C7-81C4-BB8469264175}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{7DAAC3AE-595E-476B-8119-0A994D690265}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{824D11C9-BCFA-445B-A93F-7D7D8C87D0F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{8377553C-C09C-45DC-B8E0-E0955273A8F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{84F21049-7719-4B09-B9AA-D23D89D315A1}" = protocol=58 | dir=in | app=system | "{87AC7548-A4D6-41EB-AA2E-DC6EC7B20CE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{8952FB03-32CB-4C3A-A8CA-BB52935E6126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98BF157B-4143-4AE1-95B5-58AC085A3F05}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{A0E5B160-AC5A-43EF-8833-9CA0407656A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7E03BA9-3159-4789-89E5-64C6FF585171}" = protocol=6 | dir=out | app=system | "{A8470DB2-9903-4BCA-AEED-8D1B75BA9441}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A92A2B49-5D53-4A81-914D-09CD0E067B45}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{B0CF0847-7561-4A4F-96F8-DD79F2355325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B0EE1B9A-1016-4F16-B91C-96A42784EE2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD346D34-7FE7-4F47-B636-3D9EB45992CE}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{BD753286-4D00-4985-912D-A4E3F5952E34}" = protocol=58 | dir=in | [email protected],-148 | "{C14C86CC-1E0A-4262-9C03-E9AFB3586064}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{C5530891-2A81-4F89-9D32-6B9AD3D1A616}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C5F56CC6-0D3C-4FD8-8701-16C86C8F6A71}" = protocol=58 | dir=in | [email protected],-28545 | "{D17698C8-85BE-49E9-BAED-38A27434A337}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D9910AD7-AC24-484B-B279-C8418F9D508F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{DB01E38F-BF6A-4065-A081-07274046187D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DB4562AB-0DF1-4C84-BBAE-42E3807DF978}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{DECE74DE-53E7-412E-A4A8-68BE6FDD0594}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{DFEF405E-EA88-446C-B0A4-35A8D815A728}" = protocol=58 | dir=out | [email protected],-503 | "{E27CC3A3-37F1-4E42-B386-73B13B9E4D8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{EEAC0DD0-2B19-4635-B136-0B6CA8122A8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0C9E019-AA3A-4FBD-9A96-1B6A8307C54B}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{F2488BAF-9197-4380-875E-FAFFD9E46309}" = protocol=1 | dir=in | [email protected],-28543 | "{F4E9EF1C-EDAE-4C66-A547-1971168DCA72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F7BC7E5C-3BE1-4665-9184-30E807C2036F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{FADE70B4-F020-4856-B882-5FB8513358D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE180C51-D960-47E1-9913-ACFF4C69A500}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4F6D70CE-01D4-4E5A-98B4-94769427CB27}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{B9E50FE5-451A-4A51-90A3-CBCA9D45A7A5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1b454602-bab1-4837-95bb-f54766ae363f}" = Nero 9 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar "{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}" = H&R Block Deluxe + Efile 2011 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop "{7F7758BE-1D68-4608-83C9-F6C3DFA51202}" = SavvyConnect "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "bSaving" = bSaving "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Discount Buddy" = Discount Buddy "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Legacy 7.5" = Legacy 7.5 "Luxor" = Luxor "N360" = Norton 360 "NBRTWizard" = Norton Bootable Recovery Tool Wizard "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "PhotoEdit995" = PhotoEdit995 "SelectRebatesUninstall" = ShopAtHome.com Toolbar "WildTangent emachines Master Uninstall" = eMachines Games "WinLiveSuite" = Windows Live Essentials "WT078910" = Bejeweled 2 Deluxe "WT078930" = Zuma Deluxe "WT078954" = Blackhawk Striker 2 "WT078962" = Bob the Builder Can-Do-Zoo "WT079018" = Faerie Solitaire "WT079022" = FATE - The Traitor Soul "WT079066" = Jewel Quest Solitaire 3 "WT079098" = Monopoly "WT079102" = Mystery P.I. - Lost in Los Angeles "WT079106" = Penguins! "WT079110" = Plants vs. Zombies "WT079114" = Polar Bowler "WT079118" = Polar Golfer "WT079150" = Scrabble Plus "WT079154" = The Price is Right "WT079175" = Virtual Villagers - A New Home "WT079180" = Yahtzee "WT079283" = Build-a-lot 2 "WT079316" = Escape Rosecliff Island "WT079418" = Virtual Families "WTA-2b105453-aaf1-4f72-b746-e33e7585ab3e" = Luxor ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Shockwave Game Bar Updater "Google Chrome" = Google Chrome "PlayPickle" = Play Pickle Games Console "TidyNetwork.com" = TidyNetwork.com ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/31/2012 6:24:45 AM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 11:27:22 AM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1614 Start Time: 01cde76b093eec40 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 12:26:19 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 784 Start Time: 01cde7726d8b61cc Termination Time: 671 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:06:01 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1470 Start Time: 01cde7773df3c7ec Termination Time: 1154 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:13:44 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ad8 Start Time: 01cde77745e6ff8c Termination Time: 390 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:14:12 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1700 Start Time: 01cde779e16e4044 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:42:26 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12e0 Start Time: 01cde77be4c734c4 Termination Time: 1080 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:45:41 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16bc Start Time: 01cde77bf878d504 Termination Time: 795 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:54:35 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 6:07:15 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = [ Media Center Events ] Error - 1/25/2011 7:53:11 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 3:28:24 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/11/2011 8:50:46 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 6:50:43 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 7/11/2011 10:29:30 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 8:29:19 PM - Error connecting to the internet. 8:29:19 PM - Unable to contact server.. [ System Events ] Error - 3/2/2013 11:09:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:09:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:57:32 AM | Computer Name = dml720-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:54:51 AM on ?3/?2/?2013 was unexpected. Error - 3/2/2013 11:57:37 AM | Computer Name = dml720-PC | Source = BugCheck | ID = 1001 Description = Error - 3/2/2013 12:02:58 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. Error - 3/2/2013 4:11:46 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:12:35 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:13:07 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. < End of report > OTL logfile created on: 3/2/2013 3:51:16 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free 3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\dml720\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Discount Buddy\Discount Buddy-bg.exe (215 Apps) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block ) PRC - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe () PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\5.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\10.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\2.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\4.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\3.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\8.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\9.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\6.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\0.mdd () MOD - C:\Users\dml720\AppData\Local\TidyNetwork.com\tidy2ie.dll () MOD - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (DTService) -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe () SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (USB_RNDIS) -- C:\Windows\SysNative\drivers\usb8023.sys (Microsoft Corporation) DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 83 63 6A 1B DA CB 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{4EBAA401-578A-4D5E-9385-89869F1297FD}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS407 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80983&lng=en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin: C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll (MyFunCards) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\dml720\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/03/02 09:00:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/02/10 17:47:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\crossrider CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Discount Buddy) - {11111111-1111-1111-1111-110211671166} - C:\Program Files (x86)\Discount Buddy\Discount Buddy.dll (215 Apps) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Luth Research Browser Add-on) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC) O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKLM\..\Toolbar: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKCU\..\Toolbar\WebBrowser: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [bCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [inboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\dml720\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Unable to open value key) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://206.176.111.226/activex/AMC.cab (Reg Error: Unable to open value key) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O16 - DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} http://24.111.1.76/iqweb.ocx (Iqeye Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8789A5-E15B-4335-B643-5CE18BC80551}: DhcpNameServer = 24.220.0.10 24.220.0.11 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/02 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013/03/02 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\dml720\Desktop\EmsisoftEmergencyKit [2013/03/02 08:02:29 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7144D434-FCBE-4E4B-969A-71116C43AC3A} [2013/03/01 18:09:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayPickle [2013/02/26 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Discount Buddy [2013/02/26 17:28:50 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Updater26766 [2013/02/26 17:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Discount Buddy [2013/02/26 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\TidyNetwork.com [2013/02/20 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{053346D4-6F41-4D83-BB61-BAE20331CA43} [2013/02/16 08:54:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{0BBE25EF-E36D-492E-B858-EC61E48DB27D} [2013/02/15 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7BFED39C-88BA-4121-A367-4D06593BF509} [2013/02/15 03:02:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/15 03:02:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/15 03:02:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/15 03:02:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/15 03:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/15 03:02:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/15 03:02:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/15 03:02:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/15 03:02:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/15 03:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/15 03:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/15 03:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/15 03:02:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/15 03:02:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/15 03:02:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 17:44:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 17:44:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 17:44:51 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 17:44:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 17:44:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 17:44:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 17:44:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 17:44:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 17:44:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 17:44:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/10 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{36CE039F-B14D-4A59-B3C0-D44591951CBC} [2013/02/10 17:45:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition [2013/02/02 16:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AtHomeConnect [2013/02/02 16:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AtHomeConnect [2013/02/02 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012 [2013/02/02 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/02 15:53:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/02 15:50:34 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001UA.job [2013/03/02 15:26:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/03/02 15:12:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/02 13:55:39 | 229,397,736 | ---- | M] () -- C:\Users\dml720\Desktop\EEK.zip [2013/03/02 13:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/02 08:57:24 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys [2013/03/02 08:57:23 | 255,953,410 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/03/01 05:13:32 | 002,203,327 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013/03/01 05:12:32 | 000,002,464 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013/02/27 16:50:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001Core.job [2013/02/26 17:29:25 | 000,001,057 | ---- | M] () -- C:\Users\dml720\Desktop\PlayPickle.lnk [2013/02/26 17:13:17 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/26 17:13:17 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/25 17:04:00 | 000,002,374 | ---- | M] () -- C:\Users\dml720\Desktop\Google Chrome.lnk [2013/02/15 03:42:51 | 000,460,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/15 03:08:05 | 000,745,276 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/15 03:08:05 | 000,627,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/15 03:08:05 | 000,107,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/14 10:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini [2013/02/10 18:06:52 | 000,001,299 | ---- | M] () -- C:\Users\dml720\Desktop\Norton Installation Files.lnk [2013/02/10 17:38:59 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/02/10 17:38:59 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013/02/10 17:38:59 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013/02/02 16:44:16 | 000,001,062 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk [2013/02/02 16:43:33 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk [2013/01/31 20:55:07 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat [2013/01/31 20:55:06 | 000,007,585 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/02 13:47:22 | 229,397,736 | ---- | C] () -- C:\Users\dml720\Desktop\EEK.zip [2013/02/26 17:29:25 | 000,001,057 | ---- | C] () -- C:\Users\dml720\Desktop\PlayPickle.lnk [2013/02/02 16:44:16 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk [2013/02/02 16:43:33 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk [2012/07/03 16:41:15 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2012/06/17 16:01:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/06/10 20:22:13 | 000,007,601 | ---- | C] () -- C:\Users\dml720\AppData\Local\Resmon.ResmonCfg [2012/04/14 10:27:27 | 000,161,720 | ---- | C] () -- C:\Program Files (x86)\2pres.dll [2011/12/15 05:57:00 | 000,000,000 | ---- | C] () -- C:\Users\dml720\AppData\Local\{CFC9C28C-3CD5-4F58-93C3-2D14A7DA1229} [2011/08/26 16:37:39 | 000,000,742 | R--- | C] () -- C:\Windows\MSPPWSV.ini [2011/06/04 08:49:09 | 000,220,876 | ---- | C] () -- C:\Windows\hpoins35.dat.temp [2011/06/04 08:49:09 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/24 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Amazon [2011/09/11 08:25:33 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Catalina Marketing Corp [2011/09/11 07:47:55 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\E-centives [2011/02/13 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Millennia [2010/11/25 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\OEM [2011/01/30 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Opera [2011/02/05 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\pdf995 [2012/05/09 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\SoftGrid Client [2013/02/03 14:50:04 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\TaxCut [2011/03/02 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Tific [2011/03/02 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\TP [2012/08/12 07:35:33 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Visan [2012/07/04 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\WildTangent [2011/02/08 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >