Search the Community

Showing results for tags 'Closed'.



Found 744 results

  1. I had my Netbook set up with the Automatic Updates turned off and I was just updating the Host Rules dat file that GT500 had provided after an update of Emsisoft. I didn't do the timer change on my Dell Netbook. I just updated Emsisoft tonight and turned on the Automatic Updates and it downloaded all of the latest updates and I started the scan and it worked. I then closed out of Emsisoft and started it back up again and it came up without any errors. I then rebooted the computer and after the computer had completed booting up there were no errors. I then started Emsisoft without any problems, did another update, did a scan and it worked fine. I then did another update just to make sure that I had all of the updates and that went fine and I did another reboot and the boot went without any errors. I then started Emsisoft again without any problems, did another update without problems, and ran another scan with no problems. From my standpoint the Application Starting Error Problem that I was having has been resolved at this time for my Dell Netbook. Thanks GT500 for your help.
  2. Since updating to Firefox 25.0, I have been unable to get Firefox to run safer. During the Firefox 25.0 install one of the OA popups had a check box marked RunSafer, which I checked, but Firefox was not in RunSafer mode when it first started up. I closed Firefox and went to the OA config page and marked firefox.exe as RunSafer in the Programs tab. This has always worked in the past to get a program to RunSafer. Not this time. Still no RunSafer. I went back in to OA's Programs tab and marked every file in the list associated with Firefox as RunSafer, and still no result. Tonight Firefox updated to ver. 25.0.1, which I hoped might have some effect on the issue, alas, Firefox will still not RunSafer. What am I missing here? Any thoughts?
  3. Hello Emsisoft! Just have a doubt in mind about a program, JDownloader. Today when I added a link from relink.us in JDownloader, to download a movie posted in a forum, a warning from JDownloader appeared saying it was calling for a Flash connection, turned that off; I do not remember Click and Load doing that in the past. I canceled that link in JD, but in Online Armor Premium an OUT TCP connection was pointing to 127.0.0.1:9666 > rts.sparkstudios.com. I closed that connection and the HIPS from OA disappeared. Then I turned HIPS on again, and when I restarted JDownloader, there was again an IN TCP connection from 127.0.0.1:9666. The next time I started JD the program did an update (to their official site), and now if I restart JD that connection doesn't appear anymore. I checked that link from relink.us in VirusTotal and it doesn't show up as malware, and neither does where it redirects. I have the latest version of Java as well as Flash. I scanned with EAM, nothing appeared. Should I be worried anyway or is that normal? Thank you! Zulu
  4. Hi, I would like to point out a small issue since the latest 8.1.0.4 update. When I am using HyperSnap 7.25.04 to capture screenshots I noticed that the EAM tray icon is no longer responding. Nevertheless I am still able to open the EAM panel via the desktop icon. I have enclosed a screen of the panel where everything seems to be still activated except the tray icon. Would be perfect if this can be fixed in a future update as I am currently obliged to restart my PC in order to get the tray icon working correctly. Not a big issue though. I am running Win 7 64 bit. Thanks.
  5. Steve Gibson Research's "Shields Up" test (https://www.grc.com/x/ne.dll?rh1dkyd2 under Shields Up Services) doesn't show my ports are stealth, which is what is desirable. It only shows them as closed. The last time I did this test, I believe I was using Zone Alarm and I recall they tested as stealthed by default at the time. I'm not sure how to set OA to do the same. I see on the firewall tab the checkmarks for "restricted" are on a lot of the ports by default, but could not find in help what exactly "restricted" means or does. How do I make my ports invisible on the net with OA?
  6. Hello, I have Emsisoft Anti-Malware and Online Armor Firewall (latest editions) installed on my computer. I performed the Shields Up test at https://www.grc.com/x/ne.dll?bh0bkyd2 The results were not good: 8 ports were not stealthed. Is it possible to fix this? Thanks in advance, Victor Here is a summary of the test: GRC Port Authority Report created on UTC: 2013-07-20 at 11:34:22 Results from scan of ports: 0-1055 0 Ports Open 8 Ports Closed 1048 Ports Stealth --------------------- 1056 Ports Tested NO PORTS were found to be OPEN. Ports found to be CLOSED were: 21, 22, 23, 80, 135, 445, 593, 1025 Other than what is listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - NO Ping reply (ICMP Echo) was received.
  7. It has been a while since I logged onto here, and my other topic was closed. I am continuing to have issues. My laptop is running ultra slow again, and the video does not play properly (video portion freezes or skips, while audio plays properly). I am unable to right-click and save anything to the desktop, and when I ran the OTL program, it does not generate an "EXTRAS" log. Attached are the most recent Emsisoft scan log and the OTL log. Thank you, James
  8. Hi! I am an OA Free (version 6.0.0.1736) user, and my XP SP3 box also has our company's antivirus system installed, Trend Micro Worry-Free Business Security (8.0.1346), or WFSMB for short. I found that the OPEN FILE dialog window froze and returned to normal later (after about 30 seconds) while using a text editor (Notepad) to open text files that are stored in different folders under the same path. The structure of the folders is indicated below: ======================== d:\textfiles\20130101\ d:\textfiles\20130102\ d:\textfiles\20130103\ d:\textfiles\20130104\ ... ======================== And when I open Word 2003 and then close it, the software also freezes for a while and then closes normally. I had excluded OA in the exclusion setting of WFSMB, and excluded WFSMB in OA's Options > Exclusions. But nothing changed. I wonder if the HIPS features of both programs cause this problem? As you can see in the attached image, OA-001.jpg, there are kernel events in the History window. I talked with Trend Micro; they say it is best to have only one set of security software installed at a time. But I use NOD32 on my home box, and it works well with OA. Could you help me solve this strange problem? Thanks a lot
  9. I have Emsi-Soft anti-malware software on my computer with a current license. I suddenly had a problem where my Microsoft Office products (Outlook, Word, Excel) closed and will not re-open. I ran my Norton Anti-Virus scan with no problems reported. I wanted to run an Emsi-Soft scan, but the program does not appear to be working and would not run. When I tried to go to Emsi-soft.com for support, my browser redirected me to other, unrelated websites. This led me to conclude I may have a malware problem. I found and followed the Emsi-Soft emergency kit instructions. However, the scan log showed no problems or results. The OTL notepads are attached. Thank you for your help.
  10. I have detected two problems using Emsisoft Anti-Malware: I have enclosed the A2 emergency kit scan. Will post OTL when it finishes.
  11. When I connect to http://www.bing.com/ OA reports multiple iexplorer.exe/TCP connections are opened. These connections remain even if IE 8 is closed. (This is on a Win XP system, hence IE For example. edge-star-shv-03-ash5.facebook.com Both of the following have been entered in OA Domains with a status of "Blocked" but the connection is still made. edge-star-shv-03-ash5.facebook.com *.facebook.com Closing the connection in OA does nothing. Any way to block such connections?
  12. I'm a current paid user of EAM with a few months left on my current license. I purchased a couple of EAM CDs on sale, each of which has a license enclosed with the CD. Is there any advantage (other than loss) or disadvantage to registering these new licenses on the online License Center, even though I won't be using them until the previous license expires? I'm concerned about the 10-month window (which I've never understood) that seems to be in force with licenses purchased directly from you. Can you explain how that works? I plan to activate one license when my current one expires, then the other one a year after that. Is that a problem? Thanks!
  13. I am running Online Armor Premium 6.0.0.1736, Firefox 17.0.1 and Sandboxie 3.76 64 bit (registered), Windows 7 64 Home Premium. Online Armor appears to be blocking Firefox from connecting to websites correctly, when Firefox is run within a sandbox. What happens is: 1) I open Firefox within a sandbox, and my homepage (google) opens without apparent problems. 2) I then attempt to connect to a website, and it begins to open and then freezes, either before the website opens at all, or when it has partially loaded. The freezing always happens at a point when a message at the bottom of the page says "Transferring data from ....[website]" and that's as far as it goes. Firefox is frozen and I have to close it down from within Task Manager. This has happened with every website I have tested so far. I have no problems with Firefox when it is un-sandboxed. I have no problems with sandboxed Firefox when Online Armor is completely closed down. I have tried un-ticking Firewall, Web Shield, Program Guard and Anti-Keylogger in Online Armor, but that does not fix the problem. I have to close and shut down Online Armor completely before Firefox will work within a sandbox. Sandboxie Settings - Firefox is included in the Software compatibility list. Within the Webbrowser settings, I have allowed direct access to Firefox bookmarks, history, cookies, passwords, phishing database, session management and the profile folder, to see if this fixed the problem, but it doesn't. I am not using "Run Safer" for any of the programs involved. I have seen multiple posts online saying that Online Armor causes problems with Sandboxie, but I haven't seen any fixes. Can anyone help me with this? I really don't want to stop using Sandboxie or Online Armor. They are both in my "indispensable" category.
  14. Hi. Once the scan is done with the anti-malware, I find 43 cookies linked to Chrome which are rated as high risk. I cannot delete them nor quarantine them, even with Chrome closed. Funny thing, the Emsisoft website says (before addressing me to the forum) that if I had purchased the anti-malware version, I would have not been infected. But I do have the REAL-TIME version and despite that, I got infected. Please help. Cancelled all cookies in Chrome but they still appear after the scan.
  15. Hello, Just got infections in my PC. Grateful for help. Enclosed are the files you ask for in your instructions. Best Regards svinto2
  16. Unable to quarantine or remove Emsisoft Emergency Kit - Version 3.0 Last update: N/A Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 3/2/2013 2:02:40 PM \DosDevices\PhysicalDrive0 detected: Heuristic.Possible.MBR.Rootkit (A) C:\Program Files (x86)\Discount Buddy\Uninstall.exe detected: Packed.Win32.ScrambleWrapper.AMN (A) Scanned 504983 Found 2 Scan end: 3/2/2013 3:23:00 PM Scan time: 1:20:20 C:\Program Files (x86)\Discount Buddy\Uninstall.exe Quarantined Packed.Win32.ScrambleWrapper.AMN (A) Quarantined 1
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help 
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "bSaving" = bSaving "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Discount Buddy" = Discount Buddy "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Legacy 7.5" = Legacy 7.5 "Luxor" = Luxor "N360" = Norton 360 "NBRTWizard" = Norton Bootable Recovery Tool Wizard "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "PhotoEdit995" = PhotoEdit995 "SelectRebatesUninstall" = ShopAtHome.com Toolbar "WildTangent emachines Master Uninstall" = eMachines Games "WinLiveSuite" = Windows Live Essentials "WT078910" = Bejeweled 2 Deluxe "WT078930" = Zuma Deluxe "WT078954" = Blackhawk Striker 2 "WT078962" = Bob the Builder Can-Do-Zoo "WT079018" = 
Faerie Solitaire "WT079022" = FATE - The Traitor Soul "WT079066" = Jewel Quest Solitaire 3 "WT079098" = Monopoly "WT079102" = Mystery P.I. - Lost in Los Angeles "WT079106" = Penguins! "WT079110" = Plants vs. Zombies "WT079114" = Polar Bowler "WT079118" = Polar Golfer "WT079150" = Scrabble Plus "WT079154" = The Price is Right "WT079175" = Virtual Villagers - A New Home "WT079180" = Yahtzee "WT079283" = Build-a-lot 2 "WT079316" = Escape Rosecliff Island "WT079418" = Virtual Families "WTA-2b105453-aaf1-4f72-b746-e33e7585ab3e" = Luxor ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Shockwave Game Bar Updater "Google Chrome" = Google Chrome "PlayPickle" = Play Pickle Games Console "TidyNetwork.com" = TidyNetwork.com ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/31/2012 6:24:45 AM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 11:27:22 AM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1614 Start Time: 01cde76b093eec40 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 12:26:19 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 784 Start Time: 01cde7726d8b61cc Termination Time: 671 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:06:01 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1470 Start Time: 01cde7773df3c7ec Termination Time: 1154 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:13:44 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ad8 Start Time: 01cde77745e6ff8c Termination Time: 390 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:14:12 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1700 Start Time: 01cde779e16e4044 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:42:26 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 12e0 Start Time: 01cde77be4c734c4 Termination Time: 1080 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:45:41 PM | Computer Name = dml720-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16bc Start Time: 01cde77bf878d504 Termination Time: 795 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 12/31/2012 1:54:35 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = Error - 12/31/2012 6:07:15 PM | Computer Name = dml720-PC | Source = dtservice | ID = 131073 Description = [ Media Center Events ] Error - 1/25/2011 7:53:11 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 3:28:24 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/11/2011 8:50:46 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 6:50:43 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 7/11/2011 10:29:30 PM | Computer Name = dml720-PC | Source = MCUpdate | ID = 0 Description = 8:29:19 PM - Error connecting to the internet. 8:29:19 PM - Unable to contact server.. [ System Events ] Error - 3/2/2013 11:09:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 
Error - 3/2/2013 11:09:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error - 3/2/2013 11:10:14 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error - 3/2/2013 11:10:44 AM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error - 3/2/2013 11:57:32 AM | Computer Name = dml720-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:54:51 AM on ?3/?2/?2013 was unexpected.

Error - 3/2/2013 11:57:37 AM | Computer Name = dml720-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/2/2013 12:02:58 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/2/2013 4:11:46 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error - 3/2/2013 4:12:35 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error - 3/2/2013 4:13:07 PM | Computer Name = dml720-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

< End of report >

OTL logfile created on: 3/2/2013 3:51:16 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\dml720\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.10 Gb Available Physical Memory | 5.58% Memory free
3.72 Gb Paging File | 0.61 Gb Available in Paging File | 16.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 385.29 Gb Free Space | 85.69% Space Free | Partition Type: NTFS

Computer Name: DML720-PC | User Name: dml720 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\dml720\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Discount Buddy\Discount Buddy-bg.exe (215 Apps)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block )
PRC - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\5.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\10.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\2.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\4.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\3.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\8.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\9.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\6.mdd ()
MOD - C:\Users\dml720\AppData\Local\Temp\wrdc0004.~lk\0.mdd ()
MOD - C:\Users\dml720\AppData\Local\TidyNetwork.com\tidy2ie.dll ()
MOD - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DTService) -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (USB_RNDIS) -- C:\Windows\SysNative\drivers\usb8023.sys (Microsoft Corporation)
DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130301.025\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361110m103p0454v1j5r4791t275
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 83 63 6A 1B DA CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - 
HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=23DECB02-E299-4CA4-BC80-C27194F4CF95&ind=2011090417&ptnrS=CDxdm003YYus&si=CO6b1I_JhKsCFSUEQAod42m6zQ&n=77decdf1&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{4EBAA401-578A-4D5E-9385-89869F1297FD}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS407 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80983&lng=en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin: C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll (MyFunCards) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/23 18:39:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\dml720\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dml720\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/03/02 09:00:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/02/10 17:47:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 15:13:16 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - default_search_provider: () CHR - 
default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.ask.com/?l=dis&o=1590cr&gct=hp CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\crossrider CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.21.4_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: No name found = C:\Users\dml720\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Discount Buddy) - {11111111-1111-1111-1111-110211671166} - C:\Program Files (x86)\Discount Buddy\Discount Buddy.dll (215 Apps) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Luth Research Browser Add-on) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC) O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKLM\..\Toolbar: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com) O3 - HKCU\..\Toolbar\WebBrowser: (Shockwave Game Bar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) 
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [bCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [inboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\dml720\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Users\dml720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common 
Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Unable to open value key) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - 
  17. Hi there, sorry to necro an older thread, but this is precisely my issue as well. No error message other than "Can not start Online Armor Service" in a big, otherwise empty error window. I first tried to install this after installing Emsisoft Anti-Malware on my Windows Vista (Home edition) games profile. I installed Online Armor, rebooted as requested and it gave me the error. After this did not work, I went into the Admin profile, same error. Uninstalled, rebooted, went back into Admin. Reinstalled, rebooted. Same error. Closed Windows security software, ran the same process as above. Same error. I have no other Malware or Firewall software running on this machine right now. I found this thread and tried to follow the suggested download; link goes to a 404 page, so no such known file or directory. Do we have a new file I could try, or a different approach I could try, please? Thank you ~Ges
  18. Here are my logs....
      Emsisoft Emergency Kit - Version 3.0
      Last update: 12/12/2012 3:59:31 PM
      Scan settings:
      Scan type: Smart Scan
      Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\
      Detect Riskware: Off
      Scan archives: Off
      ADS Scan: On
      File extension filter: Off
      Advanced caching: On
      Direct disk access: Off
      Scan start: 12/30/2012 7:21:26 PM
      C:\Users\Wagner\AppData\Roaming\iercet.dll detected: Gen:Variant.Symmi.7632 (B)
      Scanned 402139
      Found 1
      Scan end: 12/30/2012 7:57:51 PM
      Scan time: 0:36:25
      Quarantined 0
-- C:\Users\Wagner\AppData\Roaming\uidplp.dll [2012/12/22 03:01:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/22 03:01:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/21 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Roaming\Unity [2012/12/21 14:32:29 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/12/19 03:04:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/19 03:04:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/19 03:04:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/19 03:04:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/19 03:04:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/19 03:04:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/19 03:04:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/19 03:04:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/18 16:06:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/18 16:06:40 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012/12/18 16:06:40 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/12/18 16:06:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012/12/18 16:06:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | 
-H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012/12/18 16:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012/12/18 16:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012/12/18 16:06:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/18 16:06:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012/12/18 16:06:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012/12/18 16:06:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/18 16:06:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/12/06 14:36:35 | 000,166,400 | ---- | C] (CodeGear) -- C:\Users\Wagner\AppData\Roaming\mshui.dll [2012/12/01 10:22:07 | 000,000,000 | ---D | C] -- C:\Users\Wagner\Desktop\Calendar [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/30 19:54:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/30 18:47:18 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/30 18:37:40 | 000,067,584 | --S- | M] 
() -- C:\Windows\bootstat.dat [2012/12/30 16:39:17 | 000,000,261 | ---- | M] () -- C:\Users\Wagner\Desktop\K'NEX Model Instructions.url [2012/12/28 14:15:43 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 14:15:43 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/22 03:23:52 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/22 03:23:52 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/22 03:21:20 | 000,342,528 | ---- | M] () -- C:\Users\Wagner\AppData\Roaming\iercet.dll [2012/12/22 03:20:56 | 000,608,768 | ---- | M] (ALPS Electric Co., Ltd.) -- C:\Users\Wagner\AppData\Roaming\uidplp.dll [2012/12/22 03:19:27 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/22 03:18:55 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys [2012/12/21 09:43:29 | 000,001,307 | ---- | M] () -- C:\Users\Wagner\Desktop\ROBLOX Player.lnk [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/12/13 22:54:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/13 22:54:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/06 14:36:35 | 000,166,400 | ---- | M] (CodeGear) -- C:\Users\Wagner\AppData\Roaming\mshui.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/30 16:39:17 | 000,000,261 | ---- | C] () -- C:\Users\Wagner\Desktop\K'NEX Model Instructions.url [2012/12/22 03:21:17 | 
000,342,528 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\iercet.dll [2012/11/22 16:35:27 | 000,235,958 | ---- | C] () -- C:\ProgramData\tbqafzfjdsysgzc [2012/09/21 21:18:13 | 000,000,000 | ---- | C] () -- C:\Users\Wagner\defogger_reenable [2012/05/05 12:02:26 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe [2012/05/05 12:02:12 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll [2012/05/05 11:59:01 | 000,037,376 | ---- | C] () -- C:\Windows\unlite.exe [2012/05/05 11:58:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\wddx_com.dll [2012/05/05 11:58:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2012/05/05 11:58:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll [2012/05/05 11:58:36 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2012/02/16 20:22:56 | 000,000,200 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/01/25 19:34:48 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012/01/17 09:32:52 | 000,023,091 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012/01/17 09:31:47 | 000,037,845 | ---- | C] () -- C:\Users\Wagner\AppData\Roaming\Comma Separated Values (Windows).ADR [2011/11/19 19:43:37 | 000,000,471 | ---- | C] () -- C:\Windows\iScreensaver.ini [2011/06/13 14:35:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012/11/15 03:32:52 | 
000,000,000 | ---D | M] -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EGaD.Desktop [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/02/01 14:16:53 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Azureus [2012/09/21 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Boaf [2012/12/22 03:21:08 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Dropbox [2012/12/30 13:32:50 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\FileZilla [2012/05/20 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Ilium Software [2011/11/19 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\iScreensaver [2012/11/17 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\MotoCast [2012/08/03 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Motorola [2012/12/13 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Motorola Mobility [2012/03/28 15:35:54 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Oberon Media [2012/05/05 13:08:38 | 000,000,000 | 
---D | M] -- C:\Users\Wagner\AppData\Roaming\Polkast [2012/03/28 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Tower Builder Game [2012/12/21 14:58:42 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Unity [2012/09/19 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Uvfeod [2012/08/03 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\ZumoCast ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:19AD1878 < End of report > OTL Extras logfile created on: 12/30/2012 8:11:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wagner\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.21 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 63.01% Memory free 6.43 Gb Paging File | 4.81 Gb Available in Paging File | 74.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.42 Gb Total Space | 39.81 Gb Free Space | 53.49% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 381.91 Gb Free Space | 82.00% Space Free | Partition Type: NTFS Computer Name: WAGNER-PC | User Name: Wagner | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4718345A-DB56-4DFC-869D-422DB2493611}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | "{4BEE8382-B0F3-429D-8F2B-C0AE7441EFC8}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{72D71CB9-7E26-48C8-AEFF-71448F2BA1E7}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE07EC12-9685-49D6-A06F-B45D32298661}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{B3829E18-974F-4630-98E2-B5D077B74379}" = dir=in | app=c:\program files\motorola media link\lite\mml.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{8EB0F613-7EA2-4BAA-BA73-5613AA51FA1A}C:\program files\motorola mobility\motocast\motocast.exe" = protocol=6 | dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | "TCP Query User{9182F70B-E8FC-4C43-BACC-1CA81F5263E1}C:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=6 | dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "TCP Query User{9DA38CC0-2DDF-41DD-8B50-022C76514499}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program 
files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "TCP Query User{A4343BF1-6B79-4DD5-9195-1E3A8F60354E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "UDP Query User{37C44FC7-BD93-4AF4-A2AF-2797621D570E}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "UDP Query User{645B4E18-FF19-4F0F-A147-159892DC2A95}C:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe" = protocol=17 | dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "UDP Query User{C5FE8901-A259-4023-B6F2-E8F129C0E77A}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "UDP Query User{E699CB19-1C73-44CA-B69A-209A7469CD17}C:\program files\motorola mobility\motocast\motocast.exe" = protocol=17 | dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK "{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell 
Thanks!!!
  19. Hey, I had started a topic before but it was closed because I was gone for the weekend and did not reply. Anyway, I did not get very far in the thread. I am attaching the pre-work logs and also the ComboFix which I was told to run, but that's as far as I got. My problem is that Google was redirecting my browser and the computer was running slow. Through some virus scans I think I was able to fix the Google redirect, but for some reason I think it's still there. Also, every time I scan it's saying that my system has trojans or file recovery malware. Any help would be appreciated!
  20. For the past few days Duplicate Cleaner (DC) would not start its GUI even though Process Explorer lists it as started. It has already been remembered as allowed. I closed OA completely, and then on clicking Duplicate Cleaner it would start immediately. Starting fresh, in a new session I removed the entry of DC from OA, and started DC. For all the alerts from OA, it was allowed and remembered, and then DC opened without issues. I closed DC and tried to restart it; it would not start, the former problem coming up once again. It seems strange that problems like these are cropping up now and then after the incremental updates. An easy solution of trusting or excluding them might not be the right approach to what could be some sort of a deficiency.
  21. Since installing the free version I notice that some programmes seem to stall for a while. For instance, I created an email in Outlook Express and then tried to send it. It is configured for automatic spell check. It hit the first word and then stalled; I could not exit the spell checker. It took some time before it went to the next word and then stalled on that; again I could not exit the spell checker, I just had to wait for the programme to do its own thing. It's not just with OE, I have had the same problem with Word. Are there any logs etc. I can use to find out what is happening? Running Msoft *STALL* Security Essentials. I created this message in Word before pasting it online to the forum. Word stalled at this point *STALL*, I opened Msoft Security Essentials to check it was up to date, closed it and then Word would not respond for a couple of seconds. XP, all updates.
  22. Hi, I am a recent convert to the malware software (have used the firewall for several years). I allowed it to upgrade to the Beta v7 recently and have encountered the following problem when opening Outlook Professional 2003 under the following circumstance. This is running on a DELL Latitude D810 running XP SP3 (up to date with Microsoft patches). When attempting to open Outlook while a deep (or custom) scan is running, Outlook appears to hang and has to be closed down to exit. The following message then appears: "Outlook experienced a serious error the last time the add-in 'emisoft anti-malware was opened'. Would you like to disable this add-in? To reactivate this add-in, click About Microsoft Outlook on the Help menu, then click disabled items.' Emsisoft Anti-Malware version 7.0.0. On-Line Armor Firewall (Free) version 5.11.395 - Should this still be the Free version despite my having purchased the suite? OS details: OS Name Microsoft Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600 OS Manufacturer Microsoft Corporation System Name JNB-LPT-GSOL System Manufacturer Dell Inc. System Model Latitude D810 System Type X86-based PC Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~2128 Mhz BIOS Version/Date Dell Inc. A05, 2006/03/20 SMBIOS Version 2.3 Windows Directory C:\WINDOWS System Directory C:\WINDOWS\system32 Boot Device \Device\HarddiskVolume1 Locale South Africa Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)" User Name xxxxxxxxxxxxxxxxxxxxxxx Time Zone South Africa Standard Time Total Physical Memory 2,048.00 MB Available Physical Memory 1.09 GB Total Virtual Memory 2.00 GB Available Virtual Memory 1.96 GB Page File Space 4.85 GB Page File C:\pagefile.sys
  23. An OAP window opened with the legend "OA update" with a red circle and a white x in it. So I have tried to do a manual update of Product and also Signatures etc. Various error messages have been:- 1. Access violation at (the window closed too quickly for me to see where) 2. Socket error 10054. Connection reset by peer. 3. OA cannot process online updates. Please check internet connection settings or contact support. History shows that the update failed. I have probably missed some important info that you need, so - all, and/or any help would be appreciated by this techie dumbo
  24. I signed up for your service last month because of infections I had, various trojans, etc. Just last week I was notified by Microsoft, I guess, that my email of 15 years (on their MSN.com system) was hacked. My email is so old I can't even recall the answer to the security question ... or I got it right and I'm being tricked. Microsoft, being the idiots they are, refuse to respond to their own request for help and offer no assistance even though they closed the account. But my question is how did I get hacked when your system was up and fully operational? Assuming I'm being tricked and the messages aren't really from Microsoft, this means the hackers got by your system. If not, how can MSN (which is basically Hotmail) get so hacked that even they cannot open my account? I'm confused and angry. Allan
  25. After activating BM to visit my bank web site, I canceled BM but the window wouldn't close as it normally does when changing one of the settings in the GUI (is that what the little window is called?). I had to click in another part of the browser window to get it to close. A little later the error message that oasr.exi has encountered an error and needs to close. So I closed down OAP and the browser to restart OA. As a matter of interest I opened the GUI again to see if BM was available again - it was still greyed out. After doing a restart of my computer, BM is still greyed out. As a not very technical bod - - - H E E E L P please