Search the Community

Showing results for tags 'Closed'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • Feedback, comments, and suggestions
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 704 results

  1. unable to quentine or remove Emsisoft Emergency Kit - Version 3.0 Last update: N/A Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 3/2/2013 2:02:40 PM \DosDevices\PhysicalDrive0 detected: Heuristic.Possible.MBR.Rootkit (A) C:\Program Files (x86)\Discount Buddy\Uninstall.exe detected: Packed.Win32.ScrambleWrapper.AMN (A) Scanned 504983 Found 2 Scan end: 3/2/2013 3:23:00 PM Scan time: 1:20:20 C:\Program Files (x86)\Discount Buddy\Uninstall.exe Quarantined Packed.Win32.ScrambleWrapper.AMN (A) Quarantined 1 OTL Extras logfile created on: 3/2/2013 3:51:16 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free 3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BC5E76-C6DF-4E77-8F76-97DCE95ABDB3}" = rport=2869 | protocol=6 | dir=out | app=system | "{16D13A33-5225-4BF9-B519-185D249C45B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{218ACA1A-87DC-4147-9F10-BC19CBE4AE5C}" = rport=137 | protocol=17 | dir=out | app=system | "{28972538-46D6-4001-A521-541D40EB88AA}" = rport=10243 | protocol=6 | dir=out | app=system | "{3FBDC6D9-3153-406B-AF93-77AB08F6A1FE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{48C2577D-4B79-4BFC-86CB-368D1F0B3C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4C14DFEE-AB82-42E9-8738-42F7946EF46A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59F1C414-DF4D-491B-9E2C-8E729EE5BDA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5D1422D0-81FD-4ACD-ADB2-1D34AE9BF944}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{661D3A98-C7A9-4548-9926-8338E2CF3BF6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7088BDCF-5394-4F8E-8582-CFA4C46DFB7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EDC9EEC-AC75-422B-BB80-37C0379602DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{871B47C6-787A-4C77-9E8A-2F388BD25440}" = lport=10243 | protocol=6 | dir=in | app=system | "{899DFCEA-0620-4C90-834A-FF32AC3B8F6E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8E3E1076-AA33-47BC-98E1-751D703895CE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{94DA6173-996F-4550-8D38-B9EC8468A7B3}" = rport=138 | protocol=17 | dir=out | app=system | "{95FB2C6E-F775-4222-AB6A-07C104B89DCA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9D44703E-539C-4593-9533-452E23D8547E}" = lport=137 | protocol=17 | dir=in | app=system | "{9F02EA79-CE9A-412C-90F1-44BDEC77ED29}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A57E084D-7130-48AA-B633-90F6C5063398}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A73CFA92-981E-4E70-BAC8-01AF179EAFCC}" = rport=139 | protocol=6 | dir=out | app=system | "{A9547648-999C-43BD-A5E1-298876805D5E}" = lport=139 | protocol=6 | dir=in | app=system | "{AC4B7DEE-31EC-4771-8905-DF9F17757F45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B6036A65-029E-44EA-BF53-71256DD863E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B636BA59-2303-450E-89A2-2FB374E10001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B6D87C6A-EC13-428B-B10D-A2101C7EA0DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B6ECF73C-6963-41EF-AF4E-422E68CC5DA1}" = lport=445 | protocol=6 | dir=in | app=system | "{BED5E023-A973-4DD0-89F1-41B228FC199B}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5FB6564-3AB1-4185-B694-E0830ABD0CC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0634469-6122-405B-9A8C-66F22CEE40DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E1CF1F9B-92D6-4B72-8591-2B05D4AD27F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E25D65C3-89F1-4EB6-8C5E-041D6A2D92D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4016A3A-B8A6-47C2-8363-28F1B674D709}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EC39EE95-9852-4D51-99FB-E9EC86FEF0FD}" = rport=445 | protocol=6 | dir=out | app=system | "{F3E9A7C7-55DE-4311-B8FE-500C7D0D7E1D}" = lport=138 | protocol=17 | dir=in | app=system | "{F5B0EB12-345E-4657-92C1-DEFB8F9EAD32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F60CC3E0-EF08-4C7A-8FB7-8D6F247C704D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07672692-4BF3-42D0-94F9-8A8659EB5AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{14D07F07-F698-47E0-8B3E-7873126BEB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{18D0DF86-EACB-40E3-93EA-1D9007EE16FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{1BDFC647-21B0-47F0-BDCD-39AAEEAD6181}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1C8BDA31-7F51-436B-B2ED-E7ABD85D7757}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1E03FEE4-DC47-488B-A577-09EDDF5942E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2355E435-81E9-4783-8A6F-6921342286F8}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{26CABD83-ACC4-4ACA-B0EA-6B8DAE8A00ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{28A7A94E-F92B-458C-B3F9-42E463E49B4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{36446CEE-ED20-4936-AA27-8AE59753BE59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{37A3189E-D2CA-4EF1-BA32-EFDFD3C90E64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3ABB3028-FD8B-4D1B-A3B2-FF719AD62ECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4649C50D-8BFE-4335-8A22-653A1D9E8A73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{4B4B4E50-D4DE-4EBB-95FA-28CEB7DCB929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CBB3CBF-67D8-48CA-B76F-03F78E31604F}" = protocol=1 | dir=out | [email protected],-28544 | "{4E2B87F8-2B67-4C1D-8A50-F9F47B50DBC0}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{4F6CCAAE-75ED-4AE5-B70F-ACD9C12BB7E4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{543C08E8-7D9D-4881-B971-8DAE04EC6831}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{5550A930-F6B1-4554-8D91-480FF5A90D9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{570EFBA1-A22E-41DF-A7F2-D82414437C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{576ADC4C-C0A7-4267-B987-82670ACADAAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{584FF8A9-263C-4A7C-A52B-40A31FA55C15}" = protocol=58 | dir=out | [email protected],-28546 | "{6712E082-1918-496D-A042-7FED59EDF7CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6BF2F48E-229B-4B3E-8415-43970EE1B6A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{6D00C5B7-7747-4C72-BA38-1CBD6ACE4A3B}" = dir=in | app=c:\users\dml720\appdata\local\temp\7zs2159\setup\hpznui40.exe | "{6D7A38FB-D54F-4386-AB65-7BD2826A9442}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{6ECE57B6-C034-4FC9-B077-9B7ADEFB4483}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{708A373E-85D9-4786-B2D0-3E17797583E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{736A5542-7B25-423E-9AAC-78E45DAA1210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{73B27B61-50E6-4706-AD71-DD7FADD9B3C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{7B051EA2-C6E4-4E69-8CA4-EEE71906403A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{7DA30011-C186-48C7-81C4-BB8469264175}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{7DAAC3AE-595E-476B-8119-0A994D690265}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{824D11C9-BCFA-445B-A93F-7D7D8C87D0F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{8377553C-C09C-45DC-B8E0-E0955273A8F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{84F21049-7719-4B09-B9AA-D23D89D315A1}" = protocol=58 | dir=in | app=system | "{87AC7548-A4D6-41EB-AA2E-DC6EC7B20CE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{8952FB03-32CB-4C3A-A8CA-BB52935E6126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98BF157B-4143-4AE1-95B5-58AC085A3F05}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{A0E5B160-AC5A-43EF-8833-9CA0407656A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7E03BA9-3159-4789-89E5-64C6FF585171}" = protocol=6 | dir=out | app=system | "{A8470DB2-9903-4BCA-AEED-8D1B75BA9441}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A92A2B49-5D53-4A81-914D-09CD0E067B45}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{B0CF0847-7561-4A4F-96F8-DD79F2355325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B0EE1B9A-1016-4F16-B91C-96A42784EE2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD346D34-7FE7-4F47-B636-3D9EB45992CE}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{BD753286-4D00-4985-912D-A4E3F5952E34}" = protocol=58 | dir=in | [email protected],-148 | "{C14C86CC-1E0A-4262-9C03-E9AFB3586064}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{C5530891-2A81-4F89-9D32-6B9AD3D1A616}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C5F56CC6-0D3C-4FD8-8701-16C86C8F6A71}" = protocol=58 | dir=in | [email protected],-28545 | "{D17698C8-85BE-49E9-BAED-38A27434A337}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D9910AD7-AC24-484B-B279-C8418F9D508F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{DB01E38F-BF6A-4065-A081-07274046187D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DB4562AB-0DF1-4C84-BBAE-42E3807DF978}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{DECE74DE-53E7-412E-A4A8-68BE6FDD0594}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{DFEF405E-EA88-446C-B0A4-35A8D815A728}" = protocol=58 | dir=out | [email protected],-503 | "{E27CC3A3-37F1-4E42-B386-73B13B9E4D8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{EEAC0DD0-2B19-4635-B136-0B6CA8122A8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0C9E019-AA3A-4FBD-9A96-1B6A8307C54B}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{F2488BAF-9197-4380-875E-FAFFD9E46309}" = protocol=1 | dir=in | [email protected],-28543 | "{F4E9EF1C-EDAE-4C66-A547-1971168DCA72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F7BC7E5C-3BE1-4665-9184-30E807C2036F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{FADE70B4-F020-4856-B882-5FB8513358D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE180C51-D960-47E1-9913-ACFF4C69A500}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4F6D70CE-01D4-4E5A-98B4-94769427CB27}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{B9E50FE5-451A-4A51-90A3-CBCA9D45A7A5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1b454602-bab1-4837-95bb-f54766ae363f}" = Nero 9 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar "{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}" = H&R Block Deluxe + Efile 2011 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop "{7F7758BE-1D68-4608-83C9-F6C3DFA51202}" = SavvyConnect "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "bSaving" = bSaving "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Discount Buddy" = Discount Buddy "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Legacy 7.5" = Legacy 7.5 "Luxor" = Luxor "N360" = Norton 360 "NBRTWizard" = Norton Bootable Recovery Tool Wizard "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "PhotoEdit995" = PhotoEdit995 "SelectRebatesUninstall" = ShopAtHome.com Toolbar "WildTangent emachines Master Uninstall" = eMachines Games "WinLiveSuite" = Windows Live Essentials "WT078910" = Bejeweled 2 Deluxe "WT078930" = Zuma Deluxe "WT078954" = Blackhawk Striker 2 "WT078962" = Bob the Builder Can-Do-Zoo "WT079018" = Faerie Solitaire "WT079022" = FATE - The Traitor Soul "WT079066" = Jewel Quest Solitaire 3 "WT079098" = Monopoly "WT079102" = Mystery P.I. - Lost in Los Angeles "WT079106" = Penguins! "WT079110" = Plants vs. Zombies "WT079114" = Polar Bowler "WT079118" = Polar Golfer "WT079150" = Scrabble Plus "WT079154" = The Price is Right "WT079175" = Virtual Villagers - A New Home "WT079180" = Yahtzee "WT079283" = Build-a-lot 2 "WT079316" = Escape Rosecliff Island "WT079418" = Virtual Families "WTA-2b105453-aaf1-4f72-b746-e33e7585ab3e" = Luxor ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Shockwave Game Bar Updater "Google Chrome" = Google Chrome "PlayPickle" = Play Pickle Games Console "TidyNetwork.com" = TidyNetwork.com ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/31/2012 6:24:45 AM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 11:27:22 AM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1614 Start Time: 01cde76b093eec40 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 12:26:19 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 784 Start Time: 01cde7726d8b61cc Termination Time: 671 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:06:01 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1470 Start Time: 01cde7773df3c7ec Termination Time: 1154 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:13:44 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ad8 Start Time: 01cde77745e6ff8c Termination Time: 390 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:14:12 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1700 Start Time: 01cde779e16e4044 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:42:26 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12e0 Start Time: 01cde77be4c734c4 Termination Time: 1080 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:45:41 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16bc Start Time: 01cde77bf878d504 Termination Time: 795 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:54:35 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 6:07:15 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = [ Media Center Events ] Error - 1/25/2011 7:53:11 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 3:28:24 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/11/2011 8:50:46 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 6:50:43 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 7/11/2011 10:29:30 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 8:29:19 PM - Error connecting to the internet. 8:29:19 PM - Unable to contact server.. [ System Events ] Error - 3/2/2013 11:09:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:09:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:57:32 AM | Computer Name = dml720-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:54:51 AM on ?3/?2/?2013 was unexpected. Error - 3/2/2013 11:57:37 AM | Computer Name = dml720-PC | Source = BugCheck | ID = 1001 Description = Error - 3/2/2013 12:02:58 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. Error - 3/2/2013 4:11:46 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:12:35 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:13:07 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. < End of report > OTL logfile created on: 3/2/2013 3:51:16 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free 3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\dml720\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Discount Buddy\Discount Buddy-bg.exe (215 Apps) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block ) PRC - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe () PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - \\.\globalroot\systemroot\svchost.exe () PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\5.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\10.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\2.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\4.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\3.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\8.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\9.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\6.mdd () MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\0.mdd () MOD - C:\Users\dml720\AppData\Local\TidyNetwork.com\tidy2ie.dll () MOD - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (DTService) -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe () SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (USB_RNDIS) -- C:\Windows\SysNative\drivers\usb8023.sys (Microsoft Corporation) DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 83 63 6A 1B DA CB 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{4EBAA401-578A-4D5E-9385-89869F1297FD}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS407 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80983&lng=en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin: C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll (MyFunCards) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\dml720\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/03/02 09:00:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/02/10 17:47:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\crossrider CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Discount Buddy) - {11111111-1111-1111-1111-110211671166} - C:\Program Files (x86)\Discount Buddy\Discount Buddy.dll (215 Apps) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Luth Research Browser Add-on) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC) O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKLM\..\Toolbar: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKCU\..\Toolbar\WebBrowser: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [bCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [inboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\dml720\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Unable to open value key) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://206.176.111.226/activex/AMC.cab (Reg Error: Unable to open value key) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O16 - DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} http://24.111.1.76/iqweb.ocx (Iqeye Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8789A5-E15B-4335-B643-5CE18BC80551}: DhcpNameServer = 24.220.0.10 24.220.0.11 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/02 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013/03/02 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\dml720\Desktop\EmsisoftEmergencyKit [2013/03/02 08:02:29 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7144D434-FCBE-4E4B-969A-71116C43AC3A} [2013/03/01 18:09:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayPickle [2013/02/26 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Discount Buddy [2013/02/26 17:28:50 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Updater26766 [2013/02/26 17:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Discount Buddy [2013/02/26 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\TidyNetwork.com [2013/02/20 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{053346D4-6F41-4D83-BB61-BAE20331CA43} [2013/02/16 08:54:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{0BBE25EF-E36D-492E-B858-EC61E48DB27D} [2013/02/15 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7BFED39C-88BA-4121-A367-4D06593BF509} [2013/02/15 03:02:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/15 03:02:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/15 03:02:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/15 03:02:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/15 03:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/15 03:02:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/15 03:02:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/15 03:02:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/15 03:02:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/15 03:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/15 03:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/15 03:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/15 03:02:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/15 03:02:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/15 03:02:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 17:44:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 17:44:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 17:44:51 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 17:44:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 17:44:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 17:44:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 17:44:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 17:44:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 17:44:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 17:44:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/10 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{36CE039F-B14D-4A59-B3C0-D44591951CBC} [2013/02/10 17:45:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition [2013/02/02 16:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AtHomeConnect [2013/02/02 16:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AtHomeConnect [2013/02/02 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012 [2013/02/02 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/02 15:53:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/02 15:50:34 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001UA.job [2013/03/02 15:26:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/03/02 15:12:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/02 13:55:39 | 229,397,736 | ---- | M] () -- C:\Users\dml720\Desktop\EEK.zip [2013/03/02 13:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/02 08:57:24 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys [2013/03/02 08:57:23 | 255,953,410 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/03/01 05:13:32 | 002,203,327 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013/03/01 05:12:32 | 000,002,464 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013/02/27 16:50:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001Core.job [2013/02/26 17:29:25 | 000,001,057 | ---- | M] () -- C:\Users\dml720\Desktop\PlayPickle.lnk [2013/02/26 17:13:17 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/26 17:13:17 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/25 17:04:00 | 000,002,374 | ---- | M] () -- C:\Users\dml720\Desktop\Google Chrome.lnk [2013/02/15 03:42:51 | 000,460,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/15 03:08:05 | 000,745,276 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/15 03:08:05 | 000,627,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/15 03:08:05 | 000,107,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/14 10:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini [2013/02/10 18:06:52 | 000,001,299 | ---- | M] () -- C:\Users\dml720\Desktop\Norton Installation Files.lnk [2013/02/10 17:38:59 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/02/10 17:38:59 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013/02/10 17:38:59 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013/02/02 16:44:16 | 000,001,062 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk [2013/02/02 16:43:33 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk [2013/01/31 20:55:07 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat [2013/01/31 20:55:06 | 000,007,585 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/02 13:47:22 | 229,397,736 | ---- | C] () -- C:\Users\dml720\Desktop\EEK.zip [2013/02/26 17:29:25 | 000,001,057 | ---- | C] () -- C:\Users\dml720\Desktop\PlayPickle.lnk [2013/02/02 16:44:16 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk [2013/02/02 16:43:33 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk [2012/07/03 16:41:15 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2012/06/17 16:01:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/06/10 20:22:13 | 000,007,601 | ---- | C] () -- C:\Users\dml720\AppData\Local\Resmon.ResmonCfg [2012/04/14 10:27:27 | 000,161,720 | ---- | C] () -- C:\Program Files (x86)\2pres.dll [2011/12/15 05:57:00 | 000,000,000 | ---- | C] () -- C:\Users\dml720\AppData\Local\{CFC9C28C-3CD5-4F58-93C3-2D14A7DA1229} [2011/08/26 16:37:39 | 000,000,742 | R--- | C] () -- C:\Windows\MSPPWSV.ini [2011/06/04 08:49:09 | 000,220,876 | ---- | C] () -- C:\Windows\hpoins35.dat.temp [2011/06/04 08:49:09 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/24 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Amazon [2011/09/11 08:25:33 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Catalina Marketing Corp [2011/09/11 07:47:55 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\E-centives [2011/02/13 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Millennia [2010/11/25 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\OEM [2011/01/30 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Opera [2011/02/05 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\pdf995 [2012/05/09 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\SoftGrid Client [2013/02/03 14:50:04 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\TaxCut [2011/03/02 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Tific [2011/03/02 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\TP [2012/08/12 07:35:33 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Visan [2012/07/04 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\WildTangent [2011/02/08 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\dml720\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
  2. Hi there, sorry to necro an older thread, but this is precisely my issue as well. No error message other than "Can not start Online Armor Service" in a big, otherwise empty error window. I first tried to install this after installing Emsisoft Anti-Malware on my Windows Vista (Home edition) games profile. I installed Online Armor, rebooted as requested and it gave me the error. After this did not work, I went into the Admin profile, same error. Uninstalled, rebooted, went back into Admin. Reinstalled, rebooted. Same error. Closed Windows security software, ran the same process as above. Same error. I have no other Malware or Firewall software running on this machine right now. I found this thread and tried to follow the suggested download; link goes to a 404 page, so no such known file or directory. Do we have a new file I could try, or a different approach I could try, please? Thank you ~Ges
  3. Here are my logs.... Emsisoft Emergency Kit - Version 3.0 Last update: 12/12/2012 3:59:31 PM Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 12/30/2012 7:21:26 PM C:\Users\Wagner\AppData\Roaming\iercet.dll detected: Gen:Variant.Symmi.7632 (B) Scanned 402139 Found 1 Scan end: 12/30/2012 7:57:51 PM Scan time: 0:36:25 Quarantined 0 OTL logfile created on: 12/30/2012 8:11:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wagner\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.21 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 63.01% Memory free 6.43 Gb Paging File | 4.81 Gb Available in Paging File | 74.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.42 Gb Total Space | 39.81 Gb Free Space | 53.49% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 381.91 Gb Free Space | 82.00% Space Free | Partition Type: NTFS Computer Name: WAGNER-PC | User Name: Wagner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Wagner\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Wagner\AppData\Roaming\iercet.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Wagner\AppData\Local\Temp\catchme.sys File not found DRV - (MpKsl019f71b9) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA23C0E6-D9D4-4FC6-828C-175209B54A23}\MpKsl019f71b9.sys (Microsoft Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation) DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^RG^xdm003^V07^us&si=CP3Ex-vw4rACFcsZQgodJjH2Gg&ptb=8C8EEACF-2BA9-4A77-BF7B-108982EA3630&ind=2012062218&n=77eda20a&psa=&st=sb&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 4E D2 57 73 0A CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {CA67FE69-6743-4A6F-9FA4-06B72806EA7A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CA67FE69-6743-4A6F-9FA4-06B72806EA7A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^RG^xdm003^V07^us&si=CP3Ex-vw4rACFcsZQgodJjH2Gg&ptb=8C8EEACF-2BA9-4A77-BF7B-108982EA3630&ind=2012062218&n=77eda20a&psa=&st=sb&searchfor={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Wagner\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wagner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4w.com: C:\Program Files\Retrogamer_4w\bar\1.bin O1 HOSTS File: ([2012/10/01 10:24:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKCU..\Run: [iercet] C:\Users\Wagner\AppData\Roaming\iercet.dll () O4 - HKCU..\Run: [igfxalua] rundll32 "fonttend.dll",CreateProcessNotify File not found O4 - HKCU..\Run: [mshui] C:\Users\Wagner\AppData\Roaming\mshui.dll (CodeGear) O4 - HKCU..\Run: [sieans] rundll32.exe "C:\Users\Wagner\AppData\Roaming\sieans.dll",_Fast File not found O4 - HKCU..\Run: [uidplp] C:\Users\Wagner\AppData\Roaming\uidplp.dll (ALPS Electric Co., Ltd.) O4 - HKCU..\Run: [wragr] rundll32.exe "C:\Users\Wagner\AppData\Roaming\wragr.dll",AsDouble File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKCU\..Trusted Domains: reyrey.com ([www.gs] https in Trusted sites) O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player) O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.gs.reyrey.com/clientdll/arview2.cab (ActiveReports Viewer2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CM_AdvancedCAB https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB (Reg Error: Key error.) O16 - DPF: PrintTemplateViewerCab https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09EFADD9-4EF4-45EA-A2BA-16BDB4FD091A}: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D42708D-1AF2-49A8-8D58-BCC7EFF4E8EE}: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF04ECDD-77D2-413D-BD79-B61A193E4A66}: DhcpNameServer = 192.168.0.1 205.171.3.25 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/30 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\Programs [2012/12/22 03:20:51 | 000,608,768 | ---- | C] (ALPS Electric Co., Ltd.) -- C:\Users\Wagner\AppData\Roaming\uidplp.dll [2012/12/22 03:01:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/22 03:01:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/21 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Roaming\Unity [2012/12/21 14:32:29 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/12/19 03:04:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/19 03:04:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/19 03:04:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/19 03:04:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/19 03:04:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/19 03:04:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/19 03:04:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/19 03:04:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/18 16:06:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/18 16:06:40 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012/12/18 16:06:40 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/12/18 16:06:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012/12/18 16:06:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012/12/18 16:06:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/18 16:06:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012/12/18 16:06:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/18 16:06:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/06 14:36:35 | 000,166,400 | ---- | C] (CodeGear) -- C:\Users\Wagner\AppData\Roaming\mshui.dll [2012/12/01 10:22:07 | 000,000,000 | ---D | C] -- C:\Users\Wagner\Desktop\Calendar [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/30 19:54:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/30 18:47:18 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/30 18:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/30 16:39:17 | 000,000,261 | ---- | M] () -- C:\Users\Wagner\Desktop\K'NEX Model Instructions.url [2012/12/28 14:15:43 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 14:15:43 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/22 03:23:52 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/22 03:23:52 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/22 03:21:20 | 000,342,528 | ---- | M] () -- C:\Users\Wagner\AppData\Roaming\iercet.dll [2012/12/22 03:20:56 | 000,608,768 | ---- | M] (ALPS Electric Co., Ltd.) -- C:\Users\Wagner\AppData\Roaming\uidplp.dll [2012/12/22 03:19:27 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/22 03:18:55 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys [2012/12/21 09:43:29 | 000,001,307 | ---- | M] () -- C:\Users\Wagner\Desktop\ROBLOX Player.lnk [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/12/13 22:54:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/13 22:54:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/06 14:36:35 | 000,166,400 | ---- | M] (CodeGear) -- C:\Users\Wagner\AppData\Roaming\mshui.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/30 16:39:17 | 000,000,261 | ---- | C] () -- C:\Users\Wagner\Desktop\K'NEX Model Instructions.url [2012/12/22 03:21:17 | 000,342,528 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\iercet.dll [2012/11/22 16:35:27 | 000,235,958 | ---- | C] () -- C:\ProgramData\tbqafzfjdsysgzc [2012/09/21 21:18:13 | 000,000,000 | ---- | C] () -- C:\Users\Wagner\defogger_reenable [2012/05/05 12:02:26 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe [2012/05/05 12:02:12 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll [2012/05/05 11:59:01 | 000,037,376 | ---- | C] () -- C:\Windows\unlite.exe [2012/05/05 11:58:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\wddx_com.dll [2012/05/05 11:58:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2012/05/05 11:58:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll [2012/05/05 11:58:36 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2012/02/16 20:22:56 | 000,000,200 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/01/25 19:34:48 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012/01/17 09:32:52 | 000,023,091 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012/01/17 09:31:47 | 000,037,845 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\Comma Separated Values (Windows).ADR [2011/11/19 19:43:37 | 000,000,471 | ---- | C] () -- C:\Windows\iScreensaver.ini [2011/06/13 14:35:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012/11/15 03:32:52 | 000,000,000 | ---D | M] -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EGaD.Desktop [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/02/01 14:16:53 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Azureus [2012/09/21 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Boaf [2012/12/22 03:21:08 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Dropbox [2012/12/30 13:32:50 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\FileZilla [2012/05/20 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Ilium Software [2011/11/19 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\iScreensaver [2012/11/17 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\MotoCast [2012/08/03 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Motorola [2012/12/13 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Motorola Mobility [2012/03/28 15:35:54 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Oberon Media [2012/05/05 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Polkast [2012/03/28 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Tower Builder Game [2012/12/21 14:58:42 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Unity [2012/09/19 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Uvfeod [2012/08/03 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\ZumoCast ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:19AD1878 < End of report > OTL Extras logfile created on: 12/30/2012 8:11:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wagner\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.21 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 63.01% Memory free 6.43 Gb Paging File | 4.81 Gb Available in Paging File | 74.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.42 Gb Total Space | 39.81 Gb Free Space | 53.49% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 381.91 Gb Free Space | 82.00% Space Free | Partition Type: NTFS Computer Name: WAGNER-PC | User Name: Wagner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4718345A-DB56-4DFC-869D-422DB2493611}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | "{4BEE8382-B0F3-429D-8F2B-C0AE7441EFC8}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{72D71CB9-7E26-48C8-AEFF-71448F2BA1E7}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE07EC12-9685-49D6-A06F-B45D32298661}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{B3829E18-974F-4630-98E2-B5D077B74379}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{8EB0F613-7EA2-4BAA-BA73-5613AA51FA1A}C:\program files\motorola mobility\motocast\motocast.exe" = protocol=6 | dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | "TCP Query User{9182F70B-E8FC-4C43-BACC-1CA81F5263E1}C:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=6 | dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "TCP Query User{9DA38CC0-2DDF-41DD-8B50-022C76514499}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "TCP Query User{A4343BF1-6B79-4DD5-9195-1E3A8F60354E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "UDP Query User{37C44FC7-BD93-4AF4-A2AF-2797621D570E}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "UDP Query User{645B4E18-FF19-4F0F-A147-159892DC2A95}C:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=17 | dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "UDP Query User{C5FE8901-A259-4023-B6F2-E8F129C0E77A}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "UDP Query User{E699CB19-1C73-44CA-B69A-209A7469CD17}C:\program files\motorola mobility\motocast\motocast.exe" = protocol=17 | dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK "{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}" = Macromedia HomeSite 5 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005673}" = Tower Builder "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help "{888148E5-C3AE-4CF4-B50D-7CBF7A16AECD}" = Screenshot It Enabler "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010 "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "FileZilla Client" = FileZilla Client 3.5.3 "Google Calendar Sync" = Google Calendar Sync "HECI" = Intel® Management Engine Interface "Ilium Software eWallet GO!_is1" = eWallet GO! 1.1.2 "InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "PROR" = Microsoft Office Professional 2007 "TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5) "TopStyle Lite (Version 2)" = TopStyle Lite (Version 2) "ZumoCast" = ZumoCast ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Wagner "Dropbox" = Dropbox "HomeSite 4.5" = HomeSite 4.5 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/17/2012 2:04:36 PM | Computer Name = Wagner-PC | Source = MsiInstaller | ID = 11316 Description = Error - 11/18/2012 2:38:23 PM | Computer Name = Wagner-PC | Source = VSS | ID = 12344 Description = Error - 12/1/2012 4:23:28 PM | Computer Name = Wagner-PC | Source = Application Hang | ID = 1002 Description = The program OUTLOOK.EXE version 12.0.6665.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1584 Start Time: 01cdd001956db16f Termination Time: 10 Application Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Report Id: f008505b-3bf4-11e2-811c-002564e17e25 Error - 12/17/2012 7:28:21 PM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: rundll32.exe_svclao.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x01bff830 Faulting process id: 0xf54 Faulting application start time: 0x01cddcac7254effb Faulting application path: C:\Windows\system32\rundll32.exe Faulting module path: unknown Report Id: 713f3953-48a1-11e2-97de-002564e17e25 Error - 12/18/2012 8:44:58 PM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: rundll32.exe_svclao.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x016df830 Faulting process id: 0xd70 Faulting application start time: 0x01cddd7b820a7a51 Faulting application path: C:\Windows\System32\rundll32.exe Faulting module path: unknown Report Id: 4ffa63fe-4975-11e2-8297-002564e17e25 Error - 12/21/2012 1:42:27 PM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: rundll32.exe_svclao.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0002b5f0 Faulting process id: 0xd48 Faulting application start time: 0x01cddddb88e4f025 Faulting application path: C:\Windows\System32\rundll32.exe Faulting module path: C:\Windows\system32\ole32.dll Report Id: c8df5ecd-4b95-11e2-b217-002564e17e25 Error - 12/21/2012 1:55:43 PM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00052d86 Faulting process id: 0xe64 Faulting application start time: 0x01cddddb8a527bf1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a36afc59-4b97-11e2-b217-002564e17e25 Error - 12/22/2012 7:47:12 AM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: rundll32.exe_iercet.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x008a6a90 Faulting process id: 0x1250 Faulting application start time: 0x01cde03677952e31 Faulting application path: C:\Windows\system32\rundll32.exe Faulting module path: unknown Report Id: 5260440c-4c2d-11e2-b20f-002564e17e25 Error - 12/22/2012 7:47:13 AM | Computer Name = Wagner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: rundll32.exe_iercet.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x80000001 Fault offset: 0x00610072 Faulting process id: 0x1250 Faulting application start time: 0x01cde03677952e31 Faulting application path: C:\Windows\system32\rundll32.exe Faulting module path: unknown Report Id: 531480bd-4c2d-11e2-b20f-002564e17e25 Error - 12/30/2012 8:49:51 PM | Computer Name = Wagner-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 684 Start Time: 01cde6ef25aa535b Termination Time: 31 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: f7c5f523-52e3-11e2-b20f-002564e17e25 [ OSession Events ] Error - 9/26/2012 2:29:49 PM | Computer Name = Wagner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 254 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/6/2012 11:38:03 AM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/6/2012 3:55:53 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/6/2012 10:23:03 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/7/2012 11:04:27 AM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/7/2012 8:48:04 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/8/2012 4:41:34 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/8/2012 10:06:27 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/9/2012 5:14:53 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/9/2012 7:56:56 PM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 10/10/2012 6:00:14 AM | Computer Name = Wagner-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. < End of report > Thanks!!!
  4. Hey i had started a topic before but it was closed because i was gone for the weekend and did not reply. Anyway I did not get very far in the thread. I am attaching the pre work logs and also the combofix which i was told to run but thats as far as i got. My problem is that google was redirecting my browser and the computer was running slow Through some virius scans i think i was able to fix the google redirect but for some reason i think its still there. Also every time i scan its saying that my system has trojans or file recovery malware. Any help would be apperciated!
  5. Since past few days Duplicate cleaner(DC) would not start its GUI eventhough the Process Explorer lists it as started. Already it has been remembered allowed. I closed OA completely , and then on clicking Duplicate cleaner it would start immediately. Starting fresh , in a new session I removed the entry of DC from OA , and started DC. For all the alerts from OA , it was allowed and remembered and then DC opened without issues. I closed DC tried to restart, it would not start , former problem coming up once again. It seems strange that problems like these are propping up now and then after the incemental updates? An easy solution of trusting or excluding them might not be the right approach of what could be some sort of a deficiency.
  6. Since installing the free version I notice that some programmes seem to stall for a while. For instance I created an email in Outlook Express and then tried to send it. It is configured for automatic spell check. It hit the first word and then stalled, I could not exit the spell checker, It took some time before it went to the next word and then stalled on that, again I could not exit the spell checker, I just had to wait for the programme to do it’s own thing. It’s not just with OE, I have had the same problem with word. Are then any logs etc I can use to find out what is happening? Running Msoft *STALL* Security essentials I created this message in Word before pasting it online to the forum. Word stalled at this point *STALL*, I opened Msoft Security essentials to check it was up to date, closed it and then word would not respond for a couple of seconds. XP all updates
  7. Hi, I am a recent convert to the malware software (have used the firewall for several years. I allowed it to upgrade to the Beta v7 recently and have encountered the following problem if opening Outlook Professional 2003 under the following circumstance. This is running on a DELL Latitude D810 and running XP sp 3 (upto date with microsoft patches) When attempting to open Outlook while a deep scan (or custom) scan is running, Outlook appear to hang and has to be closed down to exit. The following message then appears "Outlook experienced a serious error the last time the add-in 'emisoft anti-malware was opened'. Would you like to disable this add-in? To reactivate this add-in, click About Microsoft Outlook on the Help menu, then click disabled items.' EmiSoft Anti-Malware version 7.0.0. On-Line Armor Firewall (Free) version 5.11.395 - SHould this still be the Free version despite my having purchased the suite? OS details: OS Name Microsoft Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600 OS Manufacturer Microsoft Corporation System Name JNB-LPT-GSOL System Manufacturer Dell Inc. System Model Latitude D810 System Type X86-based PC Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~2128 Mhz BIOS Version/Date Dell Inc. A05, 2006/03/20 SMBIOS Version 2.3 Windows Directory C:\WINDOWS System Directory C:\WINDOWS\system32 Boot Device \Device\HarddiskVolume1 Locale South Africa Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)" User Name xxxxxxxxxxxxxxxxxxxxxxx Time Zone South Africa Standard Time Total Physical Memory 2,048.00 MB Available Physical Memory 1.09 GB Total Virtual Memory 2.00 GB Available Virtual Memory 1.96 GB Page File Space 4.85 GB Page File C:\pagefile.sys
  8. A OAP window opened with the legend "OA update" with a red circle and a white x in it. So I have tried to do a manual update of Product and also Signatures etc. Various error messages have been:- 1. Access violation at (the window closed too quickly for me to see where) 2. Socket error 10054. Connection reset by peer. 3. OA cannot process online updates. Please check internet connection settings or contact support History shows that the update failed. I have probably missed some important info that you need, so - all, and/or any help would be appreciated by this techie dumbo
  9. I signed up for your service last month because of infections I had, various trojans, etc. Just last week I was notified by Microsoft, I guess, that my email of 15 years (on their MSN.com system) was hacked. My email is so old I can't even recall the answer to the security question ... or I got it right and I'm being tricked. Microsoft, being the idiots they are, refuse to respond to their own request for help and offer no assistance even though they closed the account. But my question is how did I get hacked when your system was up and fully operational? Assuming I'm being tricked and the messages aren't really from Microsoft, this means the hackers got by your system. If not, how can MSN (which is basically Hotmail) get so hacked that even they cannot open my account? I'm confused and angry. Allan
  10. After activating BM to visit my bank web site, I canceled BM but the window wouldn't close as it normally does when changing one of the settings in the GUI (is that what the little window is called?) I had to click in another part of the browser window to get it to close. A little later the error message that oasr.exi has encountered an error and needs to close. So I closed down OAP and the browser to restart OA. As a matter of interest I opened the GUI again to see if BM was available again - it was still greyed out. After doing a restart of my computer, BM is still greyed out. As a not very techical bod - - - H E E E L P please
  11. Hello, I ran Emsisoft Anti-Malware earlier and had quanrantined some stuff (I'll attach that initial log, which is named "a2scan_120705-212634.txt"), and then when it found a possible Rootkit infection, I went through all of the Emsisoft Emergency Kit steps, so I'll include those text files as well. Seperately, I have run Malwarebytes Anti-Malware and other stuff, and although they have found things too, it doesn't seem as though the underlying cause (possibly the Rootkit infection) has been removed. Also worth noting, when I tried to run the browser-based (IE) Trojan scan (I think Emsisoft provides it) at "windowssecurity.com/trojanscan" it would always crap out and close the browser unexpectedly after a few minutes, but I managed to grab a screen shot which mentions that it found "Trojan.Win32.Tracur!IK" before it closed the browser one time. I will attach that screen shot (trojan_scan.jpg) as well, if this forum lets me. Btw, I was running the scan on the infected PC via a VPN connection at the time (so you'll see a desktop within a desktop), but I have also tried running the browser-based scan tool directly on the PC, also to no avail. In addition to the attachments that you request from folloing the steps of the Emsisoft Emergency Kit, I will also include an attachment (text file) from a Malwarebytes Anti-Malware scan that I ran today, and I can also send some log files from other scans I have run recently. I think this PC got infected about a two weeks ago or so, and we're not sure where/how. Anyway, I would appreciate any insights that can help me solve this issue before I end up contacting one of my IT support guys, since I figured I would give it a shot first, having solved this kind of stuff in the past, even if with some help and pointers from experts and forums like you. I will be happy to spread to good word about you guys if you're able to help me out, and appreciate any advice in any case. I can be reached at email address removed to avoid spamming (yes, I'm a guitar head when I'm not geeking out on the computer, ha-ha)... Thanks!
  12. MY PC is infected and I need assistance. It's a virus that tries to open my thunder bird email with a false certificate and send spam out using my contacts list. Attached are the files requested in the starting point instructions. Please let me know what the next steps are. Thanks!
  13. I'm sorry if someone has already posted something like this before, but I couldn't find one. So, a Windows XP computer got the "System Check" virus which was removed. Asquared Anti-malware and Online Armor werer then installed on the computer. After a hour or so whenever I would go to the taskbar to the start menu, clock, etc. the mouse would select something immediately and open it. When the computer was connected to the internet, Firefox would go to random pages constantly. I also noticed that Asquared's guard and the firewall was off and I couldn't turn it back on. (The computer was not connected to the internet at this point) I ran a deep scan with Asquared and nothing came up. I restarted the computer and the blue screen of "Disk Check" came up. (Didn't before) But before I could do anything, after about 3 seconds a "key" was pressed to stop the disk check. I didn't press anything on the keyboard. I knew it had to be some form of Malware. I tried pressing F8 to get into safe boot BUT when I get to the screen it would show up for a second then "Start normally" would be highlighted and selected. I tried different keyboards and it happened. I couldn't open anything because it would be closed, and I could only start the Task Manager. I didn't see anything out of the ordinary in processes but cpu and memory were at 100% used...and nothing was running. Anyways, eventually I booted into safemode (By starting 'msconfig') and the problems persisted. I finally removed the "Virus" by finally getting asquared's guard to start again in safe mode. I ran a deep scan and this time a few "medium" level trojans were found. I can't remember what they were (I'm not going to work on the computer again till this Saturday) but they did consist of "DX" in the name and they were .exe. I removed them but the computer was still sluggish and firefox and other programs wouldn't run. I ended up manually going to the .temp folder where Asquared found the medium level trojans and moving ALL of them to Asquared's quarantine. (There were many more malicious sounding names in notepad files and .exe's that asquared didn't find anything bad in) After deleting them in Asqaured the compuer was fine again. NOTE: I tried running TDSS Killer and it wouldn't start. I want to know if anyone knows what this virus is and why asquared was disabled and couldn't find them. Also, did this virus have to do with System Check? Thank you for your time and sorry if someone has posted this before. Oh! And also is it possible this virus could come back again if the computer was connected back to the internet? (Since Asquared and the firewall were disabled by it.)
  14. 1st, Happy New Year 2 everybody! {XP Pro; SP3 32bit; EAM v6.0.0.52 beta} EAM scheduled scan was performed today & got stuck forever on System.Device.ni.dll, (immage attached), which belongs to Microsoft® .NET Framework Recent updates for .NET(s) were issued by MS today (consider offset time zone) I'd just closed EAM & carried on with my work ... sure that is a bug To devs: please tell if any additional info required Thanks
  15. Dear Sirs, I have been using Emsisoft antimalware for the last 3 years and fully enjoyed with your program ! I hope that you will help me. The trackball of my notebook Flybook V5 failed to respond. But when I use another mouse via USB port - this external mouse works. In order to check the notebok for viruses I loaded the latest version of Emsisoft Anti-malware and lanched it. The rootkit Virus.Boot.DefoIE2 was found. The screenshot is attached as bmp file. Then I loaded Emergency kit and followed instructions, but the rootkit was not found ! The log files are enclosed. Please, help me to solve the issue and remove the Boot virus. Thank you in advance , Best regards, Roman email address removed by moderator to avoid spamming
  16. Hello. My Anti-Malware don't start. I tried: - few reboots - reinstall with cleaning registry* - turning Online Armor, Windows Defender and Windows Firewall off But my lovely anti-virus still don't run. * Had to clean registry - installer was seeing that Anti-Malware is installed after uninstall. Programs used to clean: CCleaner (with CCEnhancer) and Glary Utilities. It shows an error when it starts: It means: Serious problem don't let to start application. Anti-Malware can't connect with his service. Please reboot your PC and check if problem happens again. If yes - contact with support. Any ideas how to fix it? This problem happened just today. Yesterday all was okay. Edit: Problem fixed... something in one file. No idea what, but it let me to delete easly (just to trash and then clean it). Well, some malwares really suck Block anti-virus, but they let to be deleted. But really bad for Emsisoft that it allowed to be closed by some bad virus/trojan/malware or whatever it is.
  17. Hello, according to Security Status File Guard is off (and available in paid version only). But File Guard icon is on and warns about shutting down Guard if closed. So in what state is File Guard; on or off?
  18. Dear Support, I have observed a long term problem with Online Armor's HIPS feature on my server PC, it eats all the CPU cycles and I set-up a batch file to check the status of the program and reboot the PC via a chkdsk on the reboot which fixes what ever the problem is. I suspect Online Armor is not able to finish writing a file during a former pre-scheduled shut-down which is on a time schedule each day. I need a solution OR a way to reduce the CPU priority to below normal on OA to enable my Batch file to run properly to reboot, (as when this situation occurs everything on the PC stalls out, and I end up with a whole load of delayed processes all trying to run at once, further de-stabilising the PC), I need my Batch file to complete the reboot command in chkdsk mode cycle, as the PC becomes totally unresponsive due to online armor using cpu as high as 95% and not allowng my batch file, or any other process to run to complete the reboot cycle. I have enclosed some important specifications below to assist in finding a solution. Regards Michelle --------------------------------------------------------------------------------------- Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail) Date 2011-11-18 Time 20:01 Computer: Computer Type ACPI Uniprocessor PC Operating System Microsoft Windows XP Home Edition OS Service Pack Service Pack 3 Internet Explorer 8.0.6001.18702 DirectX 4.09.00.0904 (DirectX 9.0c) Computer Name GARAGEPC User Name xxxx Logon Domain xxxxxxxxx Date / Time 2011-11-18 / 20:01 Motherboard: CPU Type Intel Celeron, 2400 MHz Motherboard Name MSI 651M-L (MS-7005) (3 PCI, 1 AGP, 1 CNR, 2 DDR DIMM, Audio, Video, LAN) Motherboard Chipset SiS 651 System Memory 768 MB (PC2700 DDR SDRAM) DIMM1: 512 MB PC2700 DDR SDRAM (3.0-4-4-8 @ 166 MHz) DIMM2: Kingston K 256 MB PC2700 DDR SDRAM (2.5-3-3-7 @ 166 MHz) (2.0-3-3-6 @ 133 MHz) BIOS Type Award (10/06/04) Communication Port Communications Port (COM1) Communication Port ECP Printer Port (LPT1) Display: Video Adapter NVIDIA Quadro4 900 XGL (128 MB) 3D Accelerator nVIDIA Quadro4 900XGL Monitor Acer AL1715 [17" LCD] (ETL2102177) Multimedia: Audio Adapter Realtek ALC655 @ SiS 7012 Audio Device Storage: IDE Controller SiS PCI IDE Controller Storage Controller ALSAQL6Q IDE Controller Storage Controller NERO IMAGEDRIVE SCSI Controller Floppy Drive Floppy disk drive Disk Drive ExcelStor Technology J360 (60 GB, 7200 RPM, Ultra-ATA/100) Disk Drive Maxtor 6Y080L0 (80 GB, 7200 RPM, Ultra-ATA/133) Optical Drive DGVM 5Q34TAV4DQR SCSI CdRom Device Optical Drive DVDRW IDE1008 (DVD+RW:8x/4x, DVD-RW:4x/2x, DVD-ROM:12x, CD:40x/24x/40x DVD+RW/DVD-RW) Optical Drive NERO IMAGEDRIVE2 SCSI CdRom Device (Virtual CD-ROM) Optical Drive NERO IMAGEDRIVE2 SCSI CdRom Device (Virtual CD-ROM) SMART Hard Disks Status OK Partitions: C: (NTFS) 17084 MB (7451 MB free) D: (FAT32) 2019 MB (1193 MB free) E: (FAT32) 39978 MB (2911 MB free) I: (NTFS) 33996 MB (924 MB free) J: (NTFS) 22622 MB (141 MB free) Total Size 113.0 GB (12.3 GB free) Input: Keyboard HID Keyboard Device Mouse HID-compliant mouse Network: Primary IP Address 10.10.2.10 Primary MAC Address 00-11-09-01-CB-3F Network Adapter SiS 900-Based PCI Fast Ethernet Adapter (10.10.2.10) [ Motherboard ] Motherboard Properties: Manufacturer MICRO-STAR INTERNATIONAL CO., LTD Product MS-7005 [ Chassis ] Chassis Properties: Chassis Type Desktop Case [ Memory Controller ] Memory Controller Properties: Error Detection Method None Error Correction None Supported Memory Interleave 1-Way Current Memory Interleave 1-Way Supported Memory Types DIMM, SDRAM Supported Memory Voltages 3.3V Maximum Memory Module Size 1024 MB Memory Slots 2 [ Processors / Intel® Celeron® CPU ] Processor Properties: Manufacturer Intel Version Intel® Celeron® CPU External Clock 100 MHz Maximum Clock 4000 MHz Current Clock 2400 MHz Type Central Processor Voltage 1.5 V Status Enabled Upgrade ZIF Socket Designation Socket 478 [ Caches / Internal Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Back Maximum Size 20 KB Installed Size 20 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation Internal Cache [ Caches / External Cache ] Cache Properties: Type External Status Enabled Operational Mode Write-Back Maximum Size 128 KB Installed Size 128 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation External Cache [ Memory Modules / A0 ] Memory Module Properties: Socket Designation A0 Type DIMM, SDRAM Installed Size 512 MB Enabled Size 512 MB [ Memory Modules / A1 ] Memory Module Properties: Socket Designation A1 Type DIMM, SDRAM Installed Size 256 MB Enabled Size 256 MB [ Memory Devices / A0 ] Memory Device Properties: Form Factor DIMM Type SDRAM Type Detail Synchronous Size 512 MB Total Width 64-bit Data Width 64-bit Device Locator A0 Bank Locator Bank0/1 Manufacturer None Serial Number None Asset Tag None Part Number None [ Memory Devices / A1 ] Memory Device Properties: Form Factor DIMM Type SDRAM Type Detail Synchronous Size 256 MB Total Width 64-bit Data Width 64-bit Device Locator A1 Bank Locator Bank2/3 Manufacturer None Serial Number None Asset Tag None Part Number None [ System Slots / PCI0 ] System Slot Properties: Slot Designation PCI0 Type PCI Usage Empty Data Bus Width 32-bit Length Long [ System Slots / PCI1 ] System Slot Properties: Slot Designation PCI1 Type PCI Usage Empty Data Bus Width 32-bit Length Long [ System Slots / PCI2 ] System Slot Properties: Slot Designation PCI2 Type PCI Usage Empty Data Bus Width 32-bit Length Long [ System Slots / AGP ] System Slot Properties: Slot Designation AGP Type AGP Usage Empty Data Bus Width 32-bit Length Long
  19. Hi, I upgraded to version 6 yesterday(valid license for 309 days) and I have problem with GUARD:Surf Protection host rules. With previous version ,I had Malware hosts in Block and notify mode and I created host rules for sites I was trusted(I use megaupload and hotfile for storing files). In version 6 , I created the same rules but it is still blocking access to these sites. It doesn't recognise host rules created by the owner... I create a host rule , press ok to configure the rule and when I open again the Surf protection window the rule I created does not exist... I tried rebooting but still the same... Now I have Malware hosts in Alert mode and everytime I try to connect to these sites I see a pop up alert-window. Ofcourse this is very annoyning.... I use vista x86 sp2 p.s. I attached 2 screenshots... I created a rule for Megaupload(don't block), I checked that the rule changed , closed the applications window and opened it few seconds later... my rule had disappeared.
  20. Assume I closed and shutdown OA. How exactly do I restart OA but NOT from Start menu but from WinExplorer? It seems to me that TWO programs must be double clicked: oasrv.exe AND oaui.exe Is this true? Is there no way to e.g. only click oaui.exe and this prgm. starts implicitely oasrv.exe as well? Peter
  21. Hi everyone, Since we just kicked off the Emsisoft Anti-Malware 6.0 closed beta tests we thought it would be a good time to give everyone a little sneak peek of the new version. What is new? New multi-core optimized scan engine The biggest change in Emsisoft Anti-Malware is a completely new and multi-core optimized scanning engine. As a result Emsisoft Anti-Malware 6.0 is on average 450% faster than Emsisoft Anti-Malware 5.1 when it comes to on-demand scans! Direct disk access scan mode The new scan engine features a special direct disk access mode. Using this direct disk access mode we are able to circumvent and detect all currently active file based rootkits. Advanced caching mechanisms Another feature of the new scan engine is an advanced caching mechanism. Emsisoft Anti-Malware is able to learn from the files on your system, recognizing files that are trustworthy and skipping them in future scans if they haven't changed. Due to this the performance impact of the Emsisoft Anti-Malware File Guard has been greatly reduced. Drastically improved boot times Due to several optimizations we made, we were able to drastically reduce the impact Emsisoft Anti-Malware has on the boot process. Internal rating system to further reduce false positives on well known files Emsisoft Anti-Malware 6.0 uses the information it gathers from various sources including the advanced cache to recognize and prevent false positives. Entirely new license system Quite a few of our customers thought the account based licensing system was a bit inconvenient. We took this criticism as motivation to switch Emsisoft Anti-Malware (and later all other Emsisoft products) over to a completely new key based licensing scheme. As a result you no longer need a special account to use Emsisoft Anti-Malware. Another feature of the new licensing scheme is a unique referral program that allows users to obtain or extend licenses by referring our products to friends and family. As well as dozens of other small changes ... Screenshots Everyone likes pretty pictures, right? So how about some pretty pictures with a few explanations? Since we have the new license scheme in place we no longer require you to create an account to get the 30 day trial, so the 3 day trial mode became kind of useless. It looks a lot better with only 3 options anyways, right? Remember the old user creation and login dialogs? They are gone and they surely won't be missed . Instead you will just see a single license key dialog, that will even be skipped if we recognize your system already based on its hardware. Multiple licenses can be assigned to the same key. If you want to install Emsisoft Anti-Malware on a new system but don't have a free license left, you can easily reassign the license from an older system in a very convenient way. Of course this dialog will be skipped if we recognize your system already or you have free license slots left. You will be able to reassign each and every license a limited amount of times per day. So even if you switch your system more often than your underwear we won't bother you with manual resets that have to be performed by our support staff. An option has been removed to perform certain integrity checks as soon as Emsisoft Anti-Malware is started. This feature was added at a time when Emsisoft Anti-Malware lacked protection from manipulation of it's own files. It was replaced by a much more effective protection mechanism in the meanwhile so we removed it. Quite a few people were a bit puzzled by the occurrence of sudden GUI freezes in the past, such as the step right after update in the wizard, where we load the signature databases. We took care of them and replaced them with status indicators so the user is no longer left in the dark when something is happening that may have an impact on the responsiveness of the user interface. This is the new license tab. Don't worry about the serial displayed here. You can simply disable the display of the serial using the Permission system integrated into Emsisoft Anti-Malware. The new custom scan window reveals the new options to control the advanced caching and direct disk access mode. If you look closely you can see one option missing: The old "Heuristics" checkbox. We greatly reworked the heuristics in the new scan engine and brought down the false positives caused by it to effectively 0. As a result heuristics are now enabled by default. The new direct disk access mode of the scan engine is able to see through even the most sophisticated rootkits. In this case we scanned a system infected with TDL-3 - arguably the hardest to detect file based rootkit today. When will it be out? We expect a release within the next few months. If you can't wait that long: We started the closed beta test today. So if you speak English, know how to use Windows, have a curious nature, like to break and get insights into things, enjoy discussing matters with like-minded people and appreciate the opportunity to talk directly to all developers and have a real impact on the product, you may want to consider joining our Tester team. We want your feedback! Have you started or found a thread about EAM 6.0 in a different forum? Do you like or dislike a specific planned change? Do you have questions about one of the new features of EAM 6.0? Don't keep them to yourself. Share them with us! Either by simply replying here or via mail.
  22. I would like know in details the use of RunSafer in Emsisoft online armor in the use of it from the context menu when running malware, malwares that make downloads of dll, exe, etc., if the rest of them after the system is running by runsafer and after the program is closed or malware warning if they will keep the system up to be "caught" by the scan and also all the applications running within the sandbox after its closure if they are in the system, how the permissions are or not denied. Finally, how working in details the runsafer. My system is Windows 7 Ultimate x64 My system in virtual machine is Windows XP SP3 x86 I would be grateful if someone could Emsisoft me to answer that question.
  23. While running a safe program like MOO disk cleaner ,there is an unnecessary oasrv spike and the running of the application is literally hanging. With OA closed the same application is very quick.
  24. Specifically, something called Gen.Variant.Kazy. I've noticed that I cannot use iTunes or Windows Defender updates - those programs cannot login, though my browser works, as does anything else that connects to the internet. The malware all seems to be located in the Windows Defender folder. Enclosed are the logs, which I hope will help... Thanks for any help you can give me!
  25. Hello, I am not very familiar with these forums, but I noticed that another user (thread closed for lack of response) seemed to have a similar problem as I have. I have a browser redirect virus/malware and I am unable to get rid of it. I used everything I could think of (Malwarebytes' Anti-Malware,CCleaner, Microsoft Securities Essentials,ATF-Cleaner, tdsskiller,SUPERAntiSpyware, Kaspersky virus removal tool, and others) but still no results. Are you familiar with this malware? And if yes, do you have any advice to get rid of it? Please find bellow and attached my 3 EEK scan reports as well and the 2 OTL scan report (OTL and Extra) Sincerely, Stephen