Search the Community

Showing results for tags 'Closed'.



Found 752 results

  1. Hello, Firstly, thank you for your products. Since the Avast update last December to the 2014 version, I experience issues with OA randomly blocking internet access. The message seen on the OA status page, in the update area, is close to "host unfindable, socket error #11001" (translation from French). A re-start is needed every time it happens until OA updates are successful. Several re-starts are sometimes needed. In the worst case, the PC is totally blocked. Enclosed are yesterday's log files, the last time I experienced this issue. Config: Windows XP family SP3; Free Antivirus Avast 2014.9xxx with oacat, oahlp, oasrv and oaui processes excluded in Avast; Free OA 7.0.xxx downloaded from your site with avastsvc and avastui excluded in OA. No other security applications active. Free Malwarebytes AM 1.75.xxx installed (scan on demand only in the free version). Thanks beforehand for your support. Logs.rar
  2. I recently installed OA Premium (V7.0.0.1866) on a new (i.e., replacement) computer running Windows 7 PRO SP1 64bit. The installation "Wizard" reported it was successful. I "ticked" the "Re-start your computer now" box and clicked "Finish". Windows closed and re-started. An OA "Welcome" window opened, I entered my license key and clicked "next". Then a strange thing happened. I got this ERROR notice: "Check your internet connection or contact Support. Socket error #11001. Host not found." Sure enough, I no longer had an internet connection. OA was listed in All Programs, but would not launch. I assumed this was because, without internet access, the license key could not be verified. After about a week of unsuccessful trouble-shooting (and no internet access), I un-installed OA and re-gained fully functional internet access! Is this just circumstantial? Or are there some incompatibility issues between OA and Windows 7?? Also, on this installation I included the option to install the "TLEM Network Service/Device Software". (Apparently this is not a digitally signed driver according to Windows 7.) What is this "service", and could it have any connection with blocking my internet access?? At this point I am very hesitant to re-install OA. It's a great disappointment because I have been extremely satisfied with OA since May 2011 -- it is a lot more than just a "firewall"!!
  3. It is nearly 2 months since I installed the latest OA in my XP SP 3. Most of the time the application windows (CLOSE, MAXIMISE etc. or a simple OK or Cancel) seem slow to react and work only on two or more clicks. This is the situation only after I installed the new OA. For a few times I tested the difference in the responsiveness with OA closed and running and can confirm that OA is causing the apparent delay, perhaps due to some hooks it places by the Keylogger or Screen logger feature. Seems like only I am going through this issue as no other XP user has reported it.... Anyway, this was for information.
  4. I have been taken over by chrome search.conduit.com which keeps loading ads and even pornographic ads complete with sound and which repeatedly states IE has closed unexpectedly, and I am unable to attach my two notepad reports FRST and Addition, and when I clicked on the "Image" icon everything locked and I couldn't get out of the URL: box, so my first attempt to contact you failed. I am unable to attach or cut-and-paste the two reports even using your icons. My Cleverbridge reference number is 40360250. I received a confirmation of my purchases of Online Armor Firewall and Internet Security pack and Anti-malware dated 1/4/2013. Does this mean January 4 or April 1? I bought a new computer but it appears I have downloaded my Emsisoft software. When I try to download I am told I already have the programs.
  5. A few months ago I installed HitmanPro.Alert (HMPA); obviously, I added it to the exclusion list in OA. After some short time, one (random) program stopped responding (it didn't start at all when I clicked on its icon), then another program - the same situation, and so on. When I closed OA, the programs started to respond, the same when OA was on and HMPA - off. So, it seems that HMPA is in conflict with HIPS in OA, or maybe it is a kind of HIPS itself? Could this problem be solved? Does HMPA add any additional protection to that provided by OA (a new kind of protection against ransomware, Vaccination and CryptoGuard modules, and so on)? My OS is Windows XP Home SP3.
  6. 1. Logged in as Admin, I was installing VLC player 2.1.1 64 bit. It installed after the necessary permissions from OA. I closed VLC player after the default opening after the installation. It is not trusted. 2. I clicked on the previously available VLC openable playlist. VLC loads as evident from the process explorer, but the VLC GUI does not load. Also from PE, it appears OA is running at more than 25% of CPU spike. So after nearly a patient wait of 10 min the VLC player loads the GUI and plays the playlist. This behavior I am seeing for the first time. I suspect the high CPU is choking the subsequent modules / working of the parent program from being loaded, as was evident in other issues. PS: When point 2 was delayed, I immediately shut down VLC player through the PE. I also removed the entry of VLC from the OA program list. Logged off the Admin and logged in as a regular user. I clicked on the playlist. After the natural permission for VLC player from OA is agreed to, immediately it plays. So confirming that nothing is wrong with the program, once again I deleted VLC player from OA, logged off from the regular user and logged in as Admin, and repeated point 2 and waited through patiently (which is reported there originally). On the history list I see a long list of automatically allowed permissions for the various modules of OA. Why the delay? The same is for VLC 2.1.1 32 bit. Trusting is not a solution. Hope this is looked into. If this cannot be replicated perhaps I can send a debug log for this event...
  7. Please fix. I attach the requested documents.
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003Core.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003UA.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => ? ==================== Loaded Modules (whitelisted) ============= 2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Caroline\AppData\Roaming\Dropbox\bin\libcef.dll 2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-10-17 18:58 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll 2013-10-17 18:58 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll 2013-10-17 18:58 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll 2013-10-17 18:58 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll 2013-10-17 18:58 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll 2013-10-17 
18:58 - 2013-10-08 19:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2013 02:00:04 AM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (11/05/2013 06:33:50 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 02:00:02 AM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). 
Error: (11/02/2013 00:41:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/02/2013 00:41:04 PM) (Source: Application Error) (User: ) Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting process id: 0xd40 Faulting application start time: 0xDefaultTabSearch.exe0 Faulting application path: DefaultTabSearch.exe1 Faulting module path: DefaultTabSearch.exe2 Report Id: DefaultTabSearch.exe3 Error: (11/02/2013 09:23:01 AM) (Source: MsiInstaller) (User: Peggy-PC) Description: Product: Oovoo Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome Error: (11/02/2013 07:39:42 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/27/2013 01:00:01 AM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). 
Error: (10/26/2013 09:49:30 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/26/2013 09:48:36 AM) (Source: Application Error) (User: ) Description: Faulting application name: MSOSYNC.EXE, version: 14.0.6116.5000, time stamp: 0x4f1650b3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x58c Faulting application start time: 0xMSOSYNC.EXE0 Faulting application path: MSOSYNC.EXE1 Faulting module path: MSOSYNC.EXE2 Report Id: MSOSYNC.EXE3 System errors: ============= Error: (11/10/2013 09:57:58 AM) (Source: DCOM) (User: ) Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC} Error: (11/07/2013 06:23:41 AM) (Source: DCOM) (User: ) Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC} Error: (11/05/2013 06:32:45 AM) (Source: Service Control Manager) (User: ) Description: The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). Error: (11/02/2013 00:41:11 PM) (Source: Service Control Manager) (User: ) Description: The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). Error: (11/02/2013 00:40:59 PM) (Source: Service Control Manager) (User: ) Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: %%1053 Error: (11/02/2013 00:40:59 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect. Error: (11/02/2013 11:21:15 AM) (Source: Service Control Manager) (User: ) Description: The DefaultTabSearch service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/02/2013 11:21:03 AM) (Source: Service Control Manager) (User: ) Description: The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/27/2013 10:14:01 AM) (Source: DCOM) (User: ) Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC} Error: (10/26/2013 09:48:36 AM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (11/10/2013 02:00:04 AM) (Source: Windows Backup)(User: ) Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006) Error: (11/05/2013 06:33:50 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 02:00:02 AM) (Source: Windows Backup)(User: ) Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. 
(0x81000006) Error: (11/02/2013 00:41:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/02/2013 00:41:04 PM) (Source: Application Error)(User: ) Description: DefaultTabSearch.exe0.0.0.05252e730DefaultTabSearch.exe0.0.0.05252e730c000000500002c60d4001ced7f2b10b44c5C:\Program Files\DefaultTab\DefaultTabSearch.exeC:\Program Files\DefaultTab\DefaultTabSearch.exef20c2358-43e5-11e3-8844-00219b1f4e42 Error: (11/02/2013 09:23:01 AM) (Source: MsiInstaller)(User: Peggy-PC) Description: Product: Oovoo Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/02/2013 07:39:42 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/27/2013 01:00:01 AM) (Source: Windows Backup)(User: ) Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. 
(0x81000006) Error: (10/26/2013 09:49:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/26/2013 09:48:36 AM) (Source: Application Error)(User: ) Description: MSOSYNC.EXE14.0.6116.50004f1650b3unknown0.0.0.000000000c00000050000000058c01ced25a6a561ad1C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEunknownb0cd544c-3e4d-11e3-ac04-00219b1f4e42 ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3317.18 MB Available physical RAM: 1466.84 MB Total Pagefile: 6632.64 MB Available Pagefile: 3691.81 MB Total Virtual: 2047.88 MB Available Virtual: 1890.69 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.72 GB) (Free:196.03 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.78 GB) NTFS Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ==================== End Of Log ========================
  8. Why does OA take a huge time in populating the list of Programs in the programs tab at the first opening? Can't the list be transferred to an RTF file and then read fast and the additions or deletions updated to the file regularly? In case if the previous session is closed with the programs tab, at the next opening after a restart OA takes a huge time in displaying them.
  9. I had my Netbook setup with the Automatic Updates turned off and I was just updating the Host Rules dat file that GT500 had provided after an update of Emsisoft. I didn't do the timer change on my Dell Netbook. I just updated Emsisoft tonight and turned on the Automatic Updates and it downloaded all of the latest updates and I started the scan and it worked. I then closed out of Emsisoft and started it back up again and it came up without any errors. I then rebooted the computer and after the computer had completed booting up there were no errors. I then started Emsisoft without any problems, did another update, did a scan and it worked fine. I then did another update just to make sure that I had all of the updates and that went fine and I did another reboot and the boot went without any errors. I then started Emsisoft again without any problems, did another update without problems, and ran another scan with no problems. From my standpoint the Application Starting Error Problem that I was having has been resolved at this time for my Dell Netbook. Thanks GT500 for your help.
  10. Since updating to Firefox 25.0, I have been unable to get Firefox to run safer. During the Firefox 25.0 install one of the OA popups had a check box marked RunSafer, which I checked, but Firefox was not in RunSafer mode when it first started up. I closed Firefox and went to the OA config page and marked firefox.exe as RunSafer in the Programs tab. This has always worked in the past to get a program to RunSafer. Not this time. Still no RunSafer. I went back in to OA's Programs tab and marked every file in the list associated with Firefox as RunSafer, and still no result. Tonight Firefox updated to ver. 25.0.1, which I hoped might have some effect on the issue, alas, Firefox will still not RunSafer. What am I missing here? Any thoughts?
  11. Hello Emsisoft! Just have a doubt in mind about a program, JDownloader. Today when I added a link from relink.us on JDownloader, to download a movie posted in a forum, a warning from JDownloader appeared saying it was a calling for a Flash connection, turned off that, I do not remember click and load did that in the past. I canceled that link in JD, but in Online Armor Premium an OUT TCP connection was pointing to 127.0.0.1:9666 > rts.sparkstudios.com, I closed that connection and the HIPS from OA disappeared. Then turned on again HIPS, and when restarted JDownloader, there was again an IN TCP connection from 127.0.0.1:9666. The next time I started JD the program did an update (to their official site), and now if I restart JD that connection doesn't appear anymore. I checked that link from relink.us in VirusTotal and it doesn't show up as a malware, neither where it redirects. I have Java last version as well as Flash. I scanned with EAM, nothing appeared. Should I be worried anyway or is that normal? Thank you! Zulu
  12. Hi, I would like to point out a small issue since the latest 8.1.0.4 update. When I am using HyperSnap 7.25.04 to capture screenshots I noticed that EAM tray icon is no longer responding. Nevertheless I am still able to open EAM panel via the desktop icon. I have enclosed a screen of the panel where everything seems to be still activated except the tray icon. Would be perfect if this can be fixed in a future update as I am currently obliged to restart my PC in order to get the tray icon working correctly. Not a big issue though. I am running Win 7 64 bit. Thanks.
  13. Steve Gibson Research's "Shields Up" test (https://www.grc.com/x/ne.dll?rh1dkyd2 under Shields Up Services) doesn't show my ports are stealth, which is what is desirable. It only shows them as closed. The last time I did this test, I believe I was using Zone Alarm and I recall they tested as stealthed by default at the time. I'm not sure how to set OA to do the same. I see on the firewall tab the checkmarks for "restricted" are on a lot of the ports by default, but could not find in help what exactly "restricted" means or does. How do I make my ports invisible on the net with OA?
  14. Hello, I have Emsisoft Anti-Malware and Online Armor Firewall (latest editions) installed on my computer. I performed Shields Up test at https://www.grc.com/x/ne.dll?bh0bkyd2 The results were not good: 8 ports were not stealthed. Is it possible to fix this? Thanks in advance, Victor Here is a summary of the test: GRC Port Authority Report created on UTC: 2013-07-20 at 11:34:22 Results from scan of ports: 0-1055 0 Ports Open 8 Ports Closed 1048 Ports Stealth --------------------- 1056 Ports Tested NO PORTS were found to be OPEN. Ports found to be CLOSED were: 21, 22, 23, 80, 135, 445, 593, 1025 Other than what is listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - NO Ping reply (ICMP Echo) was received.
  15. It has been a while since I logged onto here, and my other topic was closed. I am continuing to have issues. My laptop is running ultra slow again, and the video does not play properly (video portion freezes or skips, while audio plays properly). I am unable to right-click and save anything to the desktop, and when I ran the OTL program, it does not generate an "EXTRAS" log. Attached are the most recent Emsisoft scan log and the OTL log. Thank you, James
  16. Hi! I am an OA Free (version 6.0.0.1736) user, and my XP SP3 box also installed with our company's antivirus system, Trend Micro Worry-Free Business Security (8.0.1346), or called it WFSMB for short. I found that the OPEN FILE dialog window frozen and returned to normal later (about 30 seconds) while using text editor (NotePad) to open text files that stored in different folders under the same path. The structure of folders as indicated below: ======================== d:\textfiles\20130101\ d:\textfiles\20130102\ d:\textfiles\20130103\ d:\textfiles\20130104\ ... ======================== And I open Word 2003 then close it, the software also frozen for a while then closed normally. I had excluded OA in the exclusion setting of WFSMB, and excluded WFSMB in OA's Options > Exclusions. But nothing changed. I wonder if HIPS feature of both softwares cause this problem? As you can see in the attached image, OA-001.jpg, there are kernel events in History window. I had talked with Trend Micro, they say it is best to install one set of security software at the same time. But I use NOD32 at my home box, it works well with OA. Could you help me to solve this strange problem? Thanks a lot
  17. I have Emsisoft anti-malware software on my computer with a current license. I suddenly had a problem where my Microsoft Office products (Outlook, Word, Excel) closed and will not re-open. I ran my Norton Anti-Virus scan with no problems reported. I wanted to run an Emsisoft scan, but the program does not appear to be working and would not run. When I tried to go to Emsi-soft.com for support, my browser redirected me to other, unrelated websites. This led me to conclude I may have a malware problem. I found and followed the Emsisoft emergency kit instructions. However, the scan log showed no problems or results. The OTL notepads are attached. Thank you for your help.
  18. I have detected two problems using Emsisoft Anti-Malware: I have enclosed the A2 emergency kit scan. Will post OTL when it finishes.
  19. When I connect to http://www.bing.com/ OA reports multiple iexplorer.exe/TCP connections are opened. These connections remain even if IE 8 is closed. (This is on a Win XP system, hence IE 8.) For example: edge-star-shv-03-ash5.facebook.com Both of the following have been entered in OA Domains with a status of "Blocked" but the connection is still made: edge-star-shv-03-ash5.facebook.com *.facebook.com Closing the connection in OA does nothing. Any way to block such connections?
  20. I'm a current paid user of EAM with a few months left on my current license. I purchased a couple of EAM CDs on sale, each of which has a license enclosed with the CD. Is there any advantage (other than loss) or disadvantage to registering these new licenses on the online License Center, even though I won't be using them until the previous license expires? I'm concerned about the 10-month window (which I've never understood) that seems to be in force with licenses purchased directly from you. Can you explain how that works? I plan to activate one license when my current one expires, then the other one a year after that. Is that a problem? Thanks!
  21. I am running Online Armor Premium 6.0.0.1736, Firefox 17.0.1 and Sandboxie 3.76 64 bit (registered), Windows 7 64 Home Premium. Online Armor appears to be blocking Firefox from connecting to websites correctly, when Firefox is run within a sandbox. What happens is: 1) I open Firefox within a sandbox, and my homepage (google) opens without apparent problems. 2) I then attempt to connect to a website, and it begins to open and then freezes, either before the website opens at all, or when it has partially loaded. The freezing always happens at a point when a message at the bottom of the page says "Transferring data from ....[website]" and that's as far as it goes. Firefox is frozen and I have to close it down from within Task Manager. This has happened with every website I have tested so far. I have no problems with Firefox when it is un-sandboxed. I have no problems with sandboxed Firefox when Online Armor is completely closed down. I have tried un-ticking Firewall, Web Shield, Program Guard and Anti-Keylogger in Online Armor, but that does not fix the problem. I have to close and shut down Online Armor completely before Firefox will work within a sandbox. Sandboxie Settings - Firefox is included in the Software compatibility list. Within the Webbrowser settings, I have allowed direct access to Firefox bookmarks, history, cookies, passwords, phishing database, session management and the profile folder, to see if this fixed the problem, but it doesn't. I am not using "Run Safer" for any of the programs involved. I have seen multiple posts online saying that Online Armor causes problems with Sandboxie, but I haven't seen any fixes. Can anyone help me with this? I really don't want to stop using Sandboxie or Online Armor. They are both in my "indispensable" category.
  22. Hi. Once the scan is done with the anti-malware, I find 43 cookies linked to Chrome which are rated as high risk. I cannot delete them nor quarantine them, even with Chrome closed. Funny thing, the emsisoft website says (before addressing me to the forum) that if I had purchased the anti-malware version, I would have not been infected. But I do have the REAL-TIME version and despite that, I got infected. Please help. Cancelled all cookies in Chrome but they still appear after the scan.
  23. Hello, Just got infections in my PC. Grateful for help. Enclosed are the files you ask for in your instructions. Best Regards svinto2
  24. Unable to quarantine or remove. Emsisoft Emergency Kit - Version 3.0 Last update: N/A Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 3/2/2013 2:02:40 PM \DosDevices\PhysicalDrive0 detected: Heuristic.Possible.MBR.Rootkit (A) C:\Program Files (x86)\Discount Buddy\Uninstall.exe detected: Packed.Win32.ScrambleWrapper.AMN (A) Scanned 504983 Found 2 Scan end: 3/2/2013 3:23:00 PM Scan time: 1:20:20 C:\Program Files (x86)\Discount Buddy\Uninstall.exe Quarantined Packed.Win32.ScrambleWrapper.AMN (A) Quarantined 1 OTL Extras logfile created on: 3/2/2013 3:51:16 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free 3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator. 
protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B6036A65-029E-44EA-BF53-71256DD863E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B636BA59-2303-450E-89A2-2FB374E10001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B6D87C6A-EC13-428B-B10D-A2101C7EA0DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B6ECF73C-6963-41EF-AF4E-422E68CC5DA1}" = lport=445 | protocol=6 | dir=in | app=system | "{BED5E023-A973-4DD0-89F1-41B228FC199B}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5FB6564-3AB1-4185-B694-E0830ABD0CC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0634469-6122-405B-9A8C-66F22CEE40DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E1CF1F9B-92D6-4B72-8591-2B05D4AD27F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E25D65C3-89F1-4EB6-8C5E-041D6A2D92D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4016A3A-B8A6-47C2-8363-28F1B674D709}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EC39EE95-9852-4D51-99FB-E9EC86FEF0FD}" = rport=445 | protocol=6 | dir=out | app=system | "{F3E9A7C7-55DE-4311-B8FE-500C7D0D7E1D}" = lport=138 | protocol=17 | dir=in | app=system | "{F5B0EB12-345E-4657-92C1-DEFB8F9EAD32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F60CC3E0-EF08-4C7A-8FB7-8D6F247C704D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07672692-4BF3-42D0-94F9-8A8659EB5AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{14D07F07-F698-47E0-8B3E-7873126BEB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{18D0DF86-EACB-40E3-93EA-1D9007EE16FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{1BDFC647-21B0-47F0-BDCD-39AAEEAD6181}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1C8BDA31-7F51-436B-B2ED-E7ABD85D7757}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1E03FEE4-DC47-488B-A577-09EDDF5942E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2355E435-81E9-4783-8A6F-6921342286F8}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{26CABD83-ACC4-4ACA-B0EA-6B8DAE8A00ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{28A7A94E-F92B-458C-B3F9-42E463E49B4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{36446CEE-ED20-4936-AA27-8AE59753BE59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{37A3189E-D2CA-4EF1-BA32-EFDFD3C90E64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3ABB3028-FD8B-4D1B-A3B2-FF719AD62ECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4649C50D-8BFE-4335-8A22-653A1D9E8A73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{4B4B4E50-D4DE-4EBB-95FA-28CEB7DCB929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CBB3CBF-67D8-48CA-B76F-03F78E31604F}" = protocol=1 | dir=out | [email protected],-28544 | "{4E2B87F8-2B67-4C1D-8A50-F9F47B50DBC0}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{4F6CCAAE-75ED-4AE5-B70F-ACD9C12BB7E4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{543C08E8-7D9D-4881-B971-8DAE04EC6831}" = 
dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{5550A930-F6B1-4554-8D91-480FF5A90D9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{570EFBA1-A22E-41DF-A7F2-D82414437C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{576ADC4C-C0A7-4267-B987-82670ACADAAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{584FF8A9-263C-4A7C-A52B-40A31FA55C15}" = protocol=58 | dir=out | [email protected],-28546 | "{6712E082-1918-496D-A042-7FED59EDF7CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6BF2F48E-229B-4B3E-8415-43970EE1B6A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{6D00C5B7-7747-4C72-BA38-1CBD6ACE4A3B}" = dir=in | app=c:\users\dml720\appdata\local\temp\7zs2159\setup\hpznui40.exe | "{6D7A38FB-D54F-4386-AB65-7BD2826A9442}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{6ECE57B6-C034-4FC9-B077-9B7ADEFB4483}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4a7d\hpdiagnosticcoreui.exe | "{708A373E-85D9-4786-B2D0-3E17797583E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{736A5542-7B25-423E-9AAC-78E45DAA1210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{73B27B61-50E6-4706-AD71-DD7FADD9B3C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{7B051EA2-C6E4-4E69-8CA4-EEE71906403A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{7DA30011-C186-48C7-81C4-BB8469264175}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{7DAAC3AE-595E-476B-8119-0A994D690265}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{824D11C9-BCFA-445B-A93F-7D7D8C87D0F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\groove.exe | "{8377553C-C09C-45DC-B8E0-E0955273A8F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{84F21049-7719-4B09-B9AA-D23D89D315A1}" = protocol=58 | dir=in | app=system | "{87AC7548-A4D6-41EB-AA2E-DC6EC7B20CE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{8952FB03-32CB-4C3A-A8CA-BB52935E6126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98BF157B-4143-4AE1-95B5-58AC085A3F05}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs4f22\hpdiagnosticcoreui.exe | "{A0E5B160-AC5A-43EF-8833-9CA0407656A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7E03BA9-3159-4789-89E5-64C6FF585171}" = protocol=6 | dir=out | app=system | "{A8470DB2-9903-4BCA-AEED-8D1B75BA9441}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A92A2B49-5D53-4A81-914D-09CD0E067B45}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{B0CF0847-7561-4A4F-96F8-DD79F2355325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B0EE1B9A-1016-4F16-B91C-96A42784EE2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD346D34-7FE7-4F47-B636-3D9EB45992CE}" = protocol=17 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{BD753286-4D00-4985-912D-A4E3F5952E34}" = protocol=58 | dir=in | [email protected],-148 | "{C14C86CC-1E0A-4262-9C03-E9AFB3586064}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{C5530891-2A81-4F89-9D32-6B9AD3D1A616}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C5F56CC6-0D3C-4FD8-8701-16C86C8F6A71}" = protocol=58 | dir=in | [email protected],-28545 | "{D17698C8-85BE-49E9-BAED-38A27434A337}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D9910AD7-AC24-484B-B279-C8418F9D508F}" = dir=in | 
app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{DB01E38F-BF6A-4065-A081-07274046187D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DB4562AB-0DF1-4C84-BBAE-42E3807DF978}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3e77\hpdiagnosticcoreui.exe | "{DECE74DE-53E7-412E-A4A8-68BE6FDD0594}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{DFEF405E-EA88-446C-B0A4-35A8D815A728}" = protocol=58 | dir=out | [email protected],-503 | "{E27CC3A3-37F1-4E42-B386-73B13B9E4D8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{EEAC0DD0-2B19-4635-B136-0B6CA8122A8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0C9E019-AA3A-4FBD-9A96-1B6A8307C54B}" = protocol=6 | dir=in | app=c:\users\dml720\appdata\local\temp\7zs3dc4\hpdiagnosticcoreui.exe | "{F2488BAF-9197-4380-875E-FAFFD9E46309}" = protocol=1 | dir=in | [email protected],-28543 | "{F4E9EF1C-EDAE-4C66-A547-1971168DCA72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F7BC7E5C-3BE1-4665-9184-30E807C2036F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{FADE70B4-F020-4856-B882-5FB8513358D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE180C51-D960-47E1-9913-ACFF4C69A500}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4F6D70CE-01D4-4E5A-98B4-94769427CB27}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{B9E50FE5-451A-4A51-90A3-CBCA9D45A7A5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 
5 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 
14.0 "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1b454602-bab1-4837-95bb-f54766ae363f}" = Nero 9 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery 
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar "{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}" = H&R Block Deluxe + Efile 2011 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop "{7F7758BE-1D68-4608-83C9-F6C3DFA51202}" = SavvyConnect "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync 
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help 
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "bSaving" = bSaving "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Discount Buddy" = Discount Buddy "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Legacy 7.5" = Legacy 7.5 "Luxor" = Luxor "N360" = Norton 360 "NBRTWizard" = Norton Bootable Recovery Tool Wizard "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "PhotoEdit995" = PhotoEdit995 "SelectRebatesUninstall" = ShopAtHome.com Toolbar "WildTangent emachines Master Uninstall" = eMachines Games "WinLiveSuite" = Windows Live Essentials "WT078910" = Bejeweled 2 Deluxe "WT078930" = Zuma Deluxe "WT078954" = Blackhawk Striker 2 "WT078962" = Bob the Builder Can-Do-Zoo "WT079018" = 
Faerie Solitaire "WT079022" = FATE - The Traitor Soul "WT079066" = Jewel Quest Solitaire 3 "WT079098" = Monopoly "WT079102" = Mystery P.I. - Lost in Los Angeles "WT079106" = Penguins! "WT079110" = Plants vs. Zombies "WT079114" = Polar Bowler "WT079118" = Polar Golfer "WT079150" = Scrabble Plus "WT079154" = The Price is Right "WT079175" = Virtual Villagers - A New Home "WT079180" = Yahtzee "WT079283" = Build-a-lot 2 "WT079316" = Escape Rosecliff Island "WT079418" = Virtual Families "WTA-2b105453-aaf1-4f72-b746-e33e7585ab3e" = Luxor ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Shockwave Game Bar Updater "Google Chrome" = Google Chrome "PlayPickle" = Play Pickle Games Console "TidyNetwork.com" = TidyNetwork.com ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/31/2012 6:24:45 AM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 11:27:22 AM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1614 Start Time: 01cde76b093eec40 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 12:26:19 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 784 Start Time: 01cde7726d8b61cc Termination Time: 671 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:06:01 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1470 Start Time: 01cde7773df3c7ec Termination Time: 1154 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:13:44 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ad8 Start Time: 01cde77745e6ff8c Termination Time: 390 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:14:12 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1700 Start Time: 01cde779e16e4044 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:42:26 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 12e0 Start Time: 01cde77be4c734c4 Termination Time: 1080 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:45:41 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16bc Start Time: 01cde77bf878d504 Termination Time: 795 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:54:35 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 6:07:15 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = [ Media Center Events ] Error - 1/25/2011 7:53:11 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 3:28:24 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/11/2011 8:50:46 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 6:50:43 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 7/11/2011 10:29:30 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 8:29:19 PM - Error connecting to the internet. 8:29:19 PM - Unable to contact server.. [ System Events ] Error - 3/2/2013 11:09:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 
Error - 3/2/2013 11:09:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:10:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/2/2013 11:57:32 AM | Computer Name = dml720-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:54:51 AM on ?3/?2/?2013 was unexpected. Error - 3/2/2013 11:57:37 AM | Computer Name = dml720-PC | Source = BugCheck | ID = 1001 Description = Error - 3/2/2013 12:02:58 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. Error - 3/2/2013 4:11:46 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:12:35 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. Error - 3/2/2013 4:13:07 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. 
< End of report >

OTL logfile created on: 3/2/2013 3:51:16 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\dml720\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free
3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS

Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\dml720\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Discount Buddy\Discount Buddy-bg.exe (215 Apps)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block )
PRC - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\5.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\10.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\2.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\4.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\3.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\8.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\9.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\6.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\0.mdd ()
MOD - C:\Users\dml720\AppData\Local\TidyNetwork.com\tidy2ie.dll ()
MOD - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DTService) -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (USB_RNDIS) -- C:\Windows\SysNative\drivers\usb8023.sys (Microsoft Corporation)
DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275 IE - HKLM\..\SearchScopes,DefaultScope = 
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 83 63 6A 1B DA CB 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{4EBAA401-578A-4D5E-9385-89869F1297FD}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS407 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80983&lng=en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin: C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll (MyFunCards) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\dml720\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/03/02 09:00:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/02/10 17:47:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - default_search_provider: () CHR - 
default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\crossrider CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Discount Buddy) - {11111111-1111-1111-1111-110211671166} - C:\Program Files (x86)\Discount Buddy\Discount Buddy.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Luth Research Browser Add-on) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [bCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [inboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\dml720\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common 
Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Unable to open value key) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://206.176.111.226/activex/AMC.cab (Reg Error: Unable to open value key) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O16 - DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} http://24.111.1.76/iqweb.ocx (Iqeye Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8789A5-E15B-4335-B643-5CE18BC80551}: DhcpNameServer = 24.220.0.10 24.220.0.11 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - 
Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - 
Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - 
C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: 
- LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/02 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013/03/02 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\dml720\Desktop\EmsisoftEmergencyKit [2013/03/02 08:02:29 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7144D434-FCBE-4E4B-969A-71116C43AC3A} [2013/03/01 18:09:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayPickle [2013/02/26 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayPickle [2013/02/26 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Discount Buddy [2013/02/26 17:28:50 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\Updater26766 [2013/02/26 17:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Discount Buddy [2013/02/26 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\TidyNetwork.com [2013/02/20 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{053346D4-6F41-4D83-BB61-BAE20331CA43} [2013/02/16 08:54:52 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{0BBE25EF-E36D-492E-B858-EC61E48DB27D} [2013/02/15 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{7BFED39C-88BA-4121-A367-4D06593BF509} [2013/02/15 03:02:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/15 03:02:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/15 03:02:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/15 03:02:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/15 03:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/15 03:02:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/15 03:02:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/15 03:02:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/15 03:02:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/15 03:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\inetcpl.cpl [2013/02/15 03:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/15 03:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/15 03:02:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/15 03:02:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/15 03:02:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 17:44:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 17:44:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 17:44:51 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 17:44:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 17:44:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 17:44:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 17:44:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 17:44:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 17:44:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 17:44:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/10 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\dml720\AppData\Local\{36CE039F-B14D-4A59-B3C0-D44591951CBC} [2013/02/10 17:45:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition [2013/02/02 16:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\AtHomeConnect [2013/02/02 16:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AtHomeConnect [2013/02/02 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012 [2013/02/02 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/02 15:53:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/02 15:50:34 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001UA.job [2013/03/02 15:26:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/03/02 15:12:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/02 13:55:39 | 229,397,736 | ---- | M] () -- C:\Users\dml720\Desktop\EEK.zip [2013/03/02 13:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:10:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/02 09:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/02 08:57:24 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys [2013/03/02 08:57:23 | 255,953,410 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/03/01 05:13:32 | 002,203,327 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013/03/01 05:12:32 | 000,002,464 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013/02/27 16:50:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995024398-4096750-507751695-1001Core.job [2013/02/26 17:29:25 | 000,001,057 | ---- | M] () -- 
  25. Hi there, sorry to necro an older thread, but this is precisely my issue as well. No error message other than "Can not start Online Armor Service" in a big, otherwise empty error window. I first tried to install this after installing Emsisoft Anti-Malware on my Windows Vista (Home edition) games profile. I installed Online Armor, rebooted as requested and it gave me the error. After this did not work, I went into the Admin profile, same error. Uninstalled, rebooted, went back into Admin. Reinstalled, rebooted. Same error. Closed Windows security software, ran the same process as above. Same error. I have no other Malware or Firewall software running on this machine right now. I found this thread and tried to follow the suggested download; link goes to a 404 page, so no such known file or directory. Do we have a new file I could try, or a different approach I could try, please? Thank you ~Ges