Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

infected


  • Please log in to reply

#1
gvnaz

gvnaz

    Member

  • Member
  • PipPip
  • 66 posts
any page i goto i get the message Internet Explorer stopped working, checking for a solution. it then finds nothing and has to be shut down. if i cancel the stopped working message then i get a popup that says A problem with this webpage has caused Internet Explorer to close and reopen the tab. things are normal until i click a link and then the process starts over.
i have Norton 360 on this computer and had to turn off Sonar to stop it from deleting OTL after i downloaded it but finally got it and here are the log files...
also, there were a ton of startup programs and i have disabled all but a couple throuch CCleaner. i will go through and see if i can find info on what each of them are doing.

OTL.txt
OTL logfile created on: 8/18/2012 10:49:05 PM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.09% Memory free
11.60 Gb Paging File | 9.62 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.21 Gb Total Space | 618.11 Gb Free Space | 90.87% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/18 22:48:52 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012/08/16 11:57:56 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe
PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 13:00:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:00:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/09 14:46:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 14:46:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 14:46:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 14:46:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/02 22:14:08 | 000,079,872 | ---- | M] () -- C:\Program Files (x86)\The Sea App (Internet Explorer)\SpicIEx.dll
MOD - [2011/11/02 16:18:17 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/08 12:58:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/16 11:57:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/07 16:05:56 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/09 17:29:12 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/11/16 20:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 20:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/20 20:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/20 20:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/08 12:58:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/25 09:55:58 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/15 12:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/08 12:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/08/18 22:16:45 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120818.017\ex64.sys -- (NAVEX15)
DRV - [2012/08/18 22:16:45 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120818.017\eng64.sys -- (NAVENG)
DRV - [2012/08/10 17:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 12:30:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 10:12:11 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/07 01:43:36 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {44f44034-6036-4f06-9336-74ec4620edab}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...19,17117,0,18,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000ac8112b2abac
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6B434BD7-E6A8-4B36-A30E-7669DF17FA77}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....0120727,0,0,0,0
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/08/07 16:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/08/18 22:42:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Sarah\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C6C49D7-6D3C-4273-8425-10662F242A4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85945BF5-E4A4-41E2-9631-3AF6A89B47E7}: DhcpNameServer = 4.2.2.2 204.117.214.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 22:33:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/18 22:30:35 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\UserData
[2012/08/18 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/18 22:29:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012/08/18 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012/08/18 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/18 22:28:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/18 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2012/08/17 00:32:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4289CAA0-2C37-4C53-BB2C-6D010C4955D8}
[2012/08/17 00:32:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{6126AC15-FD13-425D-910D-B4AE0A63F08C}
[2012/08/17 00:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1F35FEF7-68DB-4820-9919-7BC563A6381C}
[2012/08/17 00:31:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{34E5CC28-313E-4ADB-A79E-E0A7E30D4668}
[2012/08/16 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{73B60359-7B45-485A-AEC8-3CC8FDE4C9F5}
[2012/08/16 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4699468D-3A10-48C0-A434-2A819F97E0D3}
[2012/08/16 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DEAB08A8-2FCE-4199-9023-D9053AA308BF}
[2012/08/16 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{973124FC-B173-40FB-AE7C-E8679911474D}
[2012/08/16 11:45:24 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys
[2012/08/16 11:45:24 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys
[2012/08/16 11:45:24 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys
[2012/08/16 11:45:24 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys
[2012/08/16 11:45:24 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys
[2012/08/16 11:45:23 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys
[2012/08/16 11:45:23 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys
[2012/08/16 11:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E
[2012/08/14 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\THIS CONTAINS ALL DOCUMENTS
[2012/08/09 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\EurekaLog
[2012/08/08 14:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/07 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Symantec
[2012/08/07 16:05:57 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/07 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/07 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/07 16:04:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/08/07 16:04:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/07 16:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/08/07 15:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/06 12:54:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/04 17:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/08/03 11:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/03 10:32:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/25 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E4D9EC83-D47F-47B2-BE4C-309228AF9F12}
[2012/07/25 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{C4785564-E395-4D85-934D-935358A57009}
[2012/07/24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{D4850899-0C6B-4ED0-A050-AE84E9981EF9}
[2012/07/24 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{A2C5C53A-B36C-466E-B675-FFBA2C3D3D42}
[2012/07/24 06:30:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{CBD6650F-3429-40C3-856B-540D235CB7D4}
[2012/07/23 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8569D19F-43D2-4849-8982-0DC49BBEAAD6}
[2012/07/23 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{ACAC76C1-3A69-4C9D-B8DF-8862A300D07D}
[2012/07/22 20:12:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2A7FBD34-F949-4952-A9E6-6CFCC56E6363}
[2012/07/22 20:12:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5160AEE6-BB00-41E7-805D-DCDE742381A4}
[2012/07/22 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8D6F1560-E1C3-47A1-8600-8C4090332CB5}
[2012/07/22 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2D377A91-7BB6-4906-B7CC-A7495EE4BA31}
[2012/07/22 19:15:31 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/22 19:11:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{40FD34C0-C6B5-42CE-97B4-3C93828ED34B}
[2012/07/22 19:10:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1976300D-8A78-4CE3-96E1-C427DC37083F}
[2012/07/22 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{72012213-286E-4B44-A28A-4AC0C7AC5304}
[2012/07/22 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{C12FCB53-34EC-4F14-88C5-8C787BDEDC25}
[2012/07/22 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{6D777A09-6978-4CEF-93D6-E15A407A13DA}
[2012/07/22 19:06:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{41702650-A834-4AAA-B80E-24F913C85EDB}
[4 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/18 22:50:19 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 22:50:19 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 22:42:45 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/18 22:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 22:42:12 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 22:06:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 22:06:12 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/08/17 12:22:23 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/17 12:22:23 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/17 12:22:23 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/17 01:27:52 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/17 01:25:42 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/17 01:25:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2012/08/17 01:25:03 | 001,485,194 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/16 11:45:25 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/09 22:44:34 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/09 14:33:00 | 000,002,454 | ---- | M] () -- C:\Users\Sarah\Documents\silpada.pdf
[2012/08/09 14:32:06 | 000,002,454 | ---- | M] () -- C:\Users\Sarah\Documents\SilpadaMRL.pdf
[2012/08/07 16:25:12 | 000,105,472 | ---- | M] () -- C:\Users\Sarah\Documents\VBS flyer insert pg 2.pub
[2012/08/07 16:05:56 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/07 16:05:56 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/07 16:05:56 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/04 17:14:09 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/03 11:20:55 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/22 19:32:18 | 000,335,360 | ---- | M] () -- C:\Users\Sarah\Documents\Kids Summer Activities insert.pub
[4 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 01:24:46 | 001,485,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/16 11:45:58 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/16 11:45:24 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.cat
[2012/08/16 11:45:24 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet64.cat
[2012/08/16 11:45:24 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.cat
[2012/08/16 11:45:24 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.cat
[2012/08/16 11:45:24 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa.inf
[2012/08/16 11:45:24 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds.inf
[2012/08/16 11:45:24 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet.inf
[2012/08/16 11:45:24 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.inf
[2012/08/16 11:45:24 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.inf
[2012/08/16 11:45:23 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.cat
[2012/08/16 11:45:23 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.cat
[2012/08/16 11:45:23 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.cat
[2012/08/16 11:45:23 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.inf
[2012/08/16 11:45:23 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.inf
[2012/08/16 11:45:07 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symvtcer.dat
[2012/08/16 11:45:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/09 14:33:00 | 000,002,454 | ---- | C] () -- C:\Users\Sarah\Documents\silpada.pdf
[2012/08/09 14:32:03 | 000,002,454 | ---- | C] () -- C:\Users\Sarah\Documents\SilpadaMRL.pdf
[2012/08/07 16:25:12 | 000,105,472 | ---- | C] () -- C:\Users\Sarah\Documents\VBS flyer insert pg 2.pub
[2012/08/07 16:05:57 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/07 16:05:57 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/07 16:05:51 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/04 17:14:09 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/03 11:20:55 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/03 10:32:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 19:32:17 | 000,335,360 | ---- | C] () -- C:\Users\Sarah\Documents\Kids Summer Activities insert.pub
[2012/07/08 08:01:48 | 000,003,021 | ---- | C] () -- C:\Users\Sarah\Microsoft Word 2010.lnk
[2012/07/07 18:43:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/01/10 22:37:09 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/02 10:08:29 | 000,017,408 | ---- | C] () -- C:\Users\Sarah\AppData\Local\WebpageIcons.db
[2011/10/24 22:47:25 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/04/15 12:05:50 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/15 12:05:50 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/15 12:05:48 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/04/15 11:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/01/10 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2011/11/03 14:39:05 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blio
[2012/08/09 14:33:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\EurekaLog
[2012/07/10 14:02:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Expert PDF 7
[2012/07/07 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Qwiklinx
[2012/07/07 19:13:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner
[2012/04/16 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Spotify
[2011/11/02 10:02:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synaptics
[2012/05/12 11:08:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Windows Live Writer
[2012/08/18 22:06:12 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/08/18 22:42:45 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/08/06 23:58:16 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras.txt
OTL Extras logfile created on: 8/18/2012 10:49:05 PM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.09% Memory free
11.60 Gb Paging File | 9.62 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.21 Gb Total Space | 618.11 Gb Free Space | 90.87% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07481E2F-EA8D-41CC-B9F6-9A359EF17FA1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{08EAC3F0-61FE-4278-A86B-CDCECCEB2C10}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C04FD5D-5D91-4E17-9D4B-254F27BC53EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{13465D12-9B32-487E-B578-310B3A13E33B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B1244C4-B53C-4747-A0E0-D5C95E6190A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B327DAC-D203-4B13-A269-CCFAFE506301}" = lport=10243 | protocol=6 | dir=in | app=system |
"{213A4B84-70D5-4807-8BB4-7D6D053A2BB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{432EDB8C-A003-406E-AD5A-B8E5A8FBB867}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B820D50-5658-4324-B89D-B0DC1C0493BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FAAAF1F-DBFD-4D86-909D-AAEC3BF18261}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58F917E3-DDB4-4EEA-A9CB-25609AB8E50C}" = lport=138 | protocol=17 | dir=in | app=system |
"{620C2D62-E77E-4C08-8E7C-E675A01F3278}" = rport=445 | protocol=6 | dir=out | app=system |
"{64B54A5C-966F-43E7-8CE6-DB72790F1218}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{71107CD3-9D56-46AB-BA0A-9A3EF8857F18}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CE1B220-0325-44E6-A486-C93F3298DC1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8045C34A-C067-4566-AC21-E6D4BC2907E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FF4F9A6-7B56-4700-95E4-CD4E6312C355}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B61E9610-35F1-4A4C-8EF8-1D5117E1E521}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC41504F-5909-48F2-A302-B6C79A1419E6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D03515CD-36B1-44E6-9C6B-AA6A310C4023}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5C2EF04-5B18-47FC-85DE-347593D3E9F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE25B5B6-E166-4D5A-9DC2-16F07E173B89}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0155C0A-CB82-4B0D-A878-DA3E5CB4161D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFC5B4B6-8F87-4604-9176-6AEC9AAB1BCA}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B38CB3-64D8-4C8B-AEDC-773B40A9BE32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CC5FD71-091E-4034-BA47-7BED0B137B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32457705-2C4B-44FB-9C0F-AE431F2D1643}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33CEDAB6-00D3-4F3F-AE56-0F35D93D8A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{36CE12C4-ADA6-42A2-AA50-3140E8C89E8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CD00C4D-006E-4BA2-A1FA-9015646CCF36}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{46312F37-F1A3-4CF7-A0E2-C2F449F12212}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{463DE9D8-5386-447A-9A1C-7C627E5C8D82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{485DBECD-D2A9-4872-8509-69033C945076}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52C9054C-962C-4F4C-91BB-6B0DE0CA8C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{54C29FD7-F5AD-431D-ACFA-4723CC133E7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{605177AE-0F5F-48C5-8CC2-E4D85B3C05E4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{652E399D-9EA2-46E5-8B23-9DEE148236DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{65CCD182-D41C-4F8C-AEBB-D67B3513CBF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67528397-9C0E-4FA1-98E0-801C573C1867}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{748CE93F-0F85-42F6-B9B1-1DFEA40F9667}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B26D5AA-38D7-45E2-BDB2-1B90A47FC83D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{84A8289C-477E-4220-8088-21429C1B4746}" = protocol=6 | dir=out | app=system |
"{89BD027F-B46D-4231-A2F9-D8A03C11E9D0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8F5CF188-1562-47B8-8BD6-7FED7B5ED080}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9955CFB9-E2EC-4108-A112-260149835411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A245B7BD-3723-4896-8B54-E241C3E18A69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9D0FCB7-1D0C-4778-84E9-AE25B66EE99B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AE8B0BEA-B482-4D6A-8D56-4F61370101EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC54187D-20F8-4CFB-A389-5A68FB7588EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BECC85C1-1E33-4445-AA90-5C94C8CB7A11}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C012CD03-28E8-4D90-BBFE-0C49C9A9F2D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1EBBF71-DDAF-47A4-AA0D-44D67B0CF773}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C574CF08-D63A-415D-903F-0B23F555A0FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C8DBCD26-259E-45C7-9650-8999FC327EF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E445F310-D5CB-4B9F-9828-49C9F5F75BF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E726B632-8636-4BC8-9A66-01CAC83AD40D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E85A6A92-F391-4A7C-BF91-A6ED7CD3C2E1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F33E2DC5-A2E4-48C3-B790-F08A7FED8798}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{F385DD05-0D93-4833-A2EE-3BC832ED3584}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C4EACDFC-4BD3-4553-8445-A55B55818835}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2E497885-E60B-420A-832D-0148B392E058}_is1" = Qwiklinx
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46BBA993-5554-42E7-8042-E760D92A580A}" = GIMP
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C213C0-DD1F-4A71-9F5F-896838953DD1}" = Cause of the Month Reminder by We-Care.com v5.0.6.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E56E5D38-5972-420A-9BAF-0F84471E0142}" = HP Documentation
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BabylonToolbar" = Babylon toolbar on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"N360" = Norton 360
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Surf Canyon" = Fast Search
"The Sea App" = The Sea App (Internet Explorer)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0815ccda-dc62-4613-b89a-381ce59b66d9" = Chuzzle Deluxe
"WTA-0fa3a419-bbe4-49d3-8ec5-b47b423e7432" = Mystery of Mortlake Mansion
"WTA-117120d9-dabe-4481-a071-c14a2bdb8bec" = FATE
"WTA-1c449dc6-856d-4f43-af80-7b4c52ec7077" = Slingo Supreme
"WTA-2bc60d80-c4f6-4ac9-b41b-19d989e36e78" = Penguins!
"WTA-2ecc600e-baca-498d-bbbe-3a7ee62253b7" = Polar Bowler
"WTA-2f67bf99-2386-462d-857b-711998be121d" = Cradle of Rome 2
"WTA-351ed7de-619a-4ccf-9e5e-e48b96bc552e" = Blasterball 3
"WTA-3cbcb228-dc9b-4bc4-92d3-4f4998bb9022" = Chronicles of Albian
"WTA-64fe7da2-a23b-40a2-8b9f-7c5b99e1c3a8" = Agatha Christie - Peril at End House
"WTA-713a647c-42e7-4c1f-bd8e-184d7e2aa27b" = Virtual Villagers 5 - New Believers
"WTA-772bad45-b4fb-43bf-b9f8-4af394d837a0" = Farm Frenzy
"WTA-7bb13454-e7af-4c95-a8e2-a8d905517919" = Plants vs. Zombies - Game of the Year
"WTA-8ce79824-8b2c-402c-bb32-a906e0111dc8" = Bejeweled 3
"WTA-8dc9463a-9618-4937-a552-a51a3f229a37" = Mah Jong Medley
"WTA-8e9b51e6-0464-417e-90e8-81f17d229747" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-9438a424-dc9b-49af-9865-5dfbbe841200" = Polar Golfer
"WTA-99829259-94f1-41a3-b1c1-de9e35ccd100" = Zuma Deluxe
"WTA-9bdfc44f-6371-4c74-9bd0-54879bd93941" = Poker Superstars III
"WTA-9f3242c8-7254-4ee8-b847-ba5040f4163b" = Governor of Poker 2 Premium Edition
"WTA-ad96fb30-9fc5-4f0c-ad34-4a35ea95cc57" = Namco All-Stars: PAC-MAN
"WTA-c78f41fb-c293-4267-9d63-c147f2eb2910" = Blackhawk Striker 2
"WTA-d2aa2e8a-c241-4dd9-bf55-fda0b0aadef8" = Bounce Symphony
"WTA-da02f56b-9e3e-4995-b2ab-8c987d2b70c0" = Cake Mania
"WTA-e1790771-83ef-477d-91f7-cad91dd344d9" = Vacation Quest - The Hawaiian Islands
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2012 11:39:41 AM | Computer Name = Sarah-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85829255

Error - 7/31/2012 12:01:41 PM | Computer Name = Sarah-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 2:10:29 PM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
time stamp: 0x4f3a19cc Faulting module name: CoreFoundation.dll, version: 1.630.16.0,
time stamp: 0x4f3a0c6f Exception code: 0xc0000005 Fault offset: 0x0004bd32 Faulting
process id: 0xf44 Faulting application start time: 0x01cd6f35bc192dff Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
Report
Id: 025c44d3-db3b-11e1-9c42-78e3b55d568c

Error - 7/31/2012 3:09:17 PM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting
process id: 0x1200 Faulting application start time: 0x01cd6f47c18ee207 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 39269376-db43-11e1-9c42-78e3b55d568c

Error - 7/31/2012 3:11:06 PM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting
process id: 0x42c Faulting application start time: 0x01cd6f501c8c401f Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 79cd041f-db43-11e1-9c42-78e3b55d568c

Error - 8/3/2012 4:22:28 AM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: APSDaemon.exe, version: 2.1.19.1, time
stamp: 0x4f3a19cc Faulting module name: APSDaemon_main.dll, version: 2.1.19.1, time
stamp: 0x4f3de559 Exception code: 0xc0000005 Fault offset: 0x000082f0 Faulting process
id: 0x107c Faulting application start time: 0x01cd6f35c1e586d3 Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Faulting
module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
Report
Id: 5c31fd03-dd44-11e1-9c42-78e3b55d568c

Error - 8/3/2012 12:45:05 PM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: APSDaemon.exe, version: 2.1.19.1, time
stamp: 0x4f3a19cc Faulting module name: APSDaemon_main.dll, version: 2.1.19.1, time
stamp: 0x4f3de559 Exception code: 0xc0000005 Fault offset: 0x000082f0 Faulting process
id: 0x1534 Faulting application start time: 0x01cd719730969f6f Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Faulting
module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
Report
Id: 930b494e-dd8a-11e1-9c42-78e3b55d568c

Error - 8/3/2012 1:30:07 PM | Computer Name = Sarah-HP | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
time stamp: 0x4f3a19cc Faulting module name: CoreFoundation.dll, version: 1.630.16.0,
time stamp: 0x4f3a0c6f Exception code: 0xc0000005 Fault offset: 0x0004bd32 Faulting
process id: 0x1078 Faulting application start time: 0x01cd719d963d321a Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
Report
Id: de1441b3-dd90-11e1-9823-78e3b55d568c

Error - 8/3/2012 1:30:16 PM | Computer Name = Sarah-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 1:50:51 PM | Computer Name = Sarah-HP | Source = MsiInstaller | ID = 11310
Description =

[ Hewlett-Packard Events ]
Error - 3/10/2012 1:04:18 AM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/24/2012 12:14:12 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:45:10 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:46:21 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:48:01 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:48:51 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:51:21 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:52:11 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:54:41 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 3:55:31 PM | Computer Name = Sarah-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 5/10/2012 7:06:07 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/10 16:06:07.023|0000198C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/10/2012 7:06:12 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/10 16:06:12.843|00000728|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/10/2012 7:06:16 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/10 16:06:16.777|00000700|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/10/2012 7:06:23 PM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/10 16:06:23.141|000009F4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/21/2012 11:48:39 AM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/21 08:48:39.226|00000CFC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/21/2012 11:49:00 AM | Computer Name = Sarah-HP | Source = CaslWmi | ID = 5
Description = 2012/05/21 08:49:00.240|00001B70|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/7/2012 6:49:54 PM | Computer Name = Sarah-HP | Source = CaslSmBios | ID = 5
Description = 2012/06/07 15:49:54.963|000011DC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 6/7/2012 6:51:02 PM | Computer Name = Sarah-HP | Source = CaslSmBios | ID = 5
Description = 2012/06/07 15:51:02.939|00000E80|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 6/7/2012 6:51:06 PM | Computer Name = Sarah-HP | Source = CaslSmBios | ID = 5
Description = 2012/06/07 15:51:06.065|00000FE0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/20/2012 12:24:23 AM | Computer Name = Sarah-HP | Source = CaslSmBios | ID = 5
Description = 2012/07/19 21:24:23.833|00001AE0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ Media Center Events ]
Error - 7/4/2012 8:31:18 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 5:31:17 PM - Error connecting to the internet. 5:31:18 PM - Unable
to contact server..

Error - 7/4/2012 8:31:31 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 5:31:23 PM - Error connecting to the internet. 5:31:23 PM - Unable
to contact server..

Error - 7/7/2012 3:43:31 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 12:43:30 PM - Error connecting to the internet. 12:43:30 PM - Unable
to contact server..

Error - 7/7/2012 3:43:54 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 12:43:51 PM - Error connecting to the internet. 12:43:51 PM - Unable
to contact server..

Error - 7/20/2012 12:13:00 AM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 9:13:00 PM - Error connecting to the internet. 9:13:00 PM - Unable
to contact server..

Error - 7/20/2012 12:13:33 AM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 9:13:29 PM - Error connecting to the internet. 9:13:29 PM - Unable
to contact server..

Error - 7/31/2012 12:05:36 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 9:05:35 AM - Error connecting to the internet. 9:05:36 AM - Unable
to contact server..

Error - 7/31/2012 12:05:46 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 9:05:41 AM - Error connecting to the internet. 9:05:41 AM - Unable
to contact server..

Error - 7/31/2012 1:11:03 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 10:11:03 AM - Error connecting to the internet. 10:11:03 AM - Unable
to contact server..

Error - 7/31/2012 1:11:09 PM | Computer Name = Sarah-HP | Source = MCUpdate | ID = 0
Description = 10:11:08 AM - Error connecting to the internet. 10:11:08 AM - Unable
to contact server..

[ System Events ]
Error - 8/3/2012 2:24:41 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/3/2012 4:00:19 PM | Computer Name = Sarah-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:58:04 PM on ?8/?3/?2012 was unexpected.

Error - 8/3/2012 4:00:26 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/6/2012 12:05:14 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/7/2012 2:58:33 AM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Kaspersky
Anti-Virus Service service to connect.

Error - 8/7/2012 2:58:33 AM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Anti-Virus Service service failed to start due to the
following error: %%1053

Error - 8/7/2012 2:58:58 AM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/7/2012 3:10:20 AM | Computer Name = Sarah-HP | Source = bowser | ID = 8003
Description =

Error - 8/7/2012 6:51:28 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Kaspersky
Anti-Virus Service service to connect.

Error - 8/7/2012 6:51:28 PM | Computer Name = Sarah-HP | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Anti-Virus Service service failed to start due to the
following error: %%1053


< End of report >
  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
gvnaz

gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
same problems as above. for some reason it didn't give me an extras.txt this time.

OTL.txt
OTL logfile created on: 8/22/2012 11:40:27 PM - Run 2
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 77.69% Memory free
11.60 Gb Paging File | 10.20 Gb Available in Paging File | 87.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.21 Gb Total Space | 617.72 Gb Free Space | 90.81% Space Free | Partition Type: NTFS
Drive D: | 14.26 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: SARAH-HP | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/18 22:48:52 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe
PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/08 12:58:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/16 11:57:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/07 16:05:56 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/09 17:29:12 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/11/16 20:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 20:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/20 20:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/20 20:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/08 12:58:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/25 09:55:58 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/15 12:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/08 12:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/08/18 22:16:45 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120818.017\ex64.sys -- (NAVEX15)
DRV - [2012/08/18 22:16:45 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120818.017\eng64.sys -- (NAVENG)
DRV - [2012/08/10 17:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 12:30:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 10:12:11 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/07 01:43:36 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {44f44034-6036-4f06-9336-74ec4620edab}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...19,17117,0,18,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000ac8112b2abac
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6B434BD7-E6A8-4B36-A30E-7669DF17FA77}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{6E4C907F-435E-4254-9567-F9D31DA29F13}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....0120727,0,0,0,0
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/08/07 16:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/08/22 23:37:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Sarah\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C6C49D7-6D3C-4273-8425-10662F242A4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85945BF5-E4A4-41E2-9631-3AF6A89B47E7}: DhcpNameServer = 4.2.2.2 204.117.214.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 22:33:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/18 22:30:35 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\UserData
[2012/08/18 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/18 22:29:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012/08/18 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012/08/18 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/18 22:28:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/18 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2012/08/17 00:32:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4289CAA0-2C37-4C53-BB2C-6D010C4955D8}
[2012/08/17 00:32:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{6126AC15-FD13-425D-910D-B4AE0A63F08C}
[2012/08/17 00:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1F35FEF7-68DB-4820-9919-7BC563A6381C}
[2012/08/17 00:31:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{34E5CC28-313E-4ADB-A79E-E0A7E30D4668}
[2012/08/16 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{73B60359-7B45-485A-AEC8-3CC8FDE4C9F5}
[2012/08/16 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4699468D-3A10-48C0-A434-2A819F97E0D3}
[2012/08/16 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DEAB08A8-2FCE-4199-9023-D9053AA308BF}
[2012/08/16 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{973124FC-B173-40FB-AE7C-E8679911474D}
[2012/08/16 11:45:24 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys
[2012/08/16 11:45:24 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys
[2012/08/16 11:45:24 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys
[2012/08/16 11:45:24 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys
[2012/08/16 11:45:24 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys
[2012/08/16 11:45:23 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys
[2012/08/16 11:45:23 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys
[2012/08/16 11:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E
[2012/08/14 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\THIS CONTAINS ALL DOCUMENTS
[2012/08/09 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\EurekaLog
[2012/08/08 14:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/07 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Symantec
[2012/08/07 16:05:57 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/07 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/07 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/07 16:04:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/08/07 16:04:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/07 16:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/08/07 15:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/06 12:54:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/04 17:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/08/03 11:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/08/03 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/03 10:32:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/25 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E4D9EC83-D47F-47B2-BE4C-309228AF9F12}
[2012/07/25 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{C4785564-E395-4D85-934D-935358A57009}
[2012/07/24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{D4850899-0C6B-4ED0-A050-AE84E9981EF9}
[2012/07/24 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{A2C5C53A-B36C-466E-B675-FFBA2C3D3D42}
[2012/07/24 06:30:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{CBD6650F-3429-40C3-856B-540D235CB7D4}
[4 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 23:45:03 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 23:45:03 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 23:39:11 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/22 23:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 23:36:53 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 22:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 22:06:12 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/08/17 12:22:23 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/17 12:22:23 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/17 12:22:23 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/17 01:27:52 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/17 01:25:42 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/17 01:25:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2012/08/17 01:25:03 | 001,485,194 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/16 11:45:25 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/09 22:44:34 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/09 14:33:00 | 000,002,454 | ---- | M] () -- C:\Users\Sarah\Documents\silpada.pdf
[2012/08/09 14:32:06 | 000,002,454 | ---- | M] () -- C:\Users\Sarah\Documents\SilpadaMRL.pdf
[2012/08/07 16:25:12 | 000,105,472 | ---- | M] () -- C:\Users\Sarah\Documents\VBS flyer insert pg 2.pub
[2012/08/07 16:05:56 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/07 16:05:56 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/07 16:05:56 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/04 17:14:09 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/03 11:20:55 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 01:24:46 | 001,485,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/16 11:45:58 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/16 11:45:24 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.cat
[2012/08/16 11:45:24 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet64.cat
[2012/08/16 11:45:24 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.cat
[2012/08/16 11:45:24 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.cat
[2012/08/16 11:45:24 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa.inf
[2012/08/16 11:45:24 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds.inf
[2012/08/16 11:45:24 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet.inf
[2012/08/16 11:45:24 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.inf
[2012/08/16 11:45:24 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.inf
[2012/08/16 11:45:23 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.cat
[2012/08/16 11:45:23 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.cat
[2012/08/16 11:45:23 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.cat
[2012/08/16 11:45:23 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.inf
[2012/08/16 11:45:23 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.inf
[2012/08/16 11:45:07 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symvtcer.dat
[2012/08/16 11:45:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/09 14:33:00 | 000,002,454 | ---- | C] () -- C:\Users\Sarah\Documents\silpada.pdf
[2012/08/09 14:32:03 | 000,002,454 | ---- | C] () -- C:\Users\Sarah\Documents\SilpadaMRL.pdf
[2012/08/07 16:25:12 | 000,105,472 | ---- | C] () -- C:\Users\Sarah\Documents\VBS flyer insert pg 2.pub
[2012/08/07 16:05:57 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/07 16:05:57 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/07 16:05:51 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/04 17:14:09 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/03 11:20:55 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/03 10:32:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 08:01:48 | 000,003,021 | ---- | C] () -- C:\Users\Sarah\Microsoft Word 2010.lnk
[2012/07/07 18:43:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/01/10 22:37:09 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/02 10:08:29 | 000,017,408 | ---- | C] () -- C:\Users\Sarah\AppData\Local\WebpageIcons.db
[2011/10/24 22:47:25 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/04/15 12:05:50 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/15 12:05:50 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/15 12:05:48 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/04/15 11:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/01/10 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2011/11/03 14:39:05 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blio
[2012/08/09 14:33:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\EurekaLog
[2012/07/10 14:02:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Expert PDF 7
[2012/07/07 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Qwiklinx
[2012/07/07 19:13:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner
[2012/04/16 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Spotify
[2011/11/02 10:02:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synaptics
[2012/05/12 11:08:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Windows Live Writer
[2012/08/18 22:06:12 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/08/22 23:39:11 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/08/06 23:58:16 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000ac8112b2abac
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebs...r={searchTerms}
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Sarah\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    [4 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]
    [2012/01/10 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
    [2012/07/07 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Qwiklinx
    [2012/07/07 19:13:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\BabylonToolbar
    C:\ProgramData\WeCareReminder
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
gvnaz

gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
here is the OTL log that it gave me after the reboot. i will run combofix now and reply back with that log when finished.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
C:\Users\Sarah\AppData\Roaming\Qwiklinx\Qwiklinx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
C:\Users\Sarah\Documents\~WRL0003.tmp deleted successfully.
C:\Users\Sarah\Documents\~WRL0004.tmp deleted successfully.
C:\Users\Sarah\Documents\~WRL0005.tmp deleted successfully.
C:\Users\Sarah\Documents\~WRL0479.tmp deleted successfully.
C:\Users\Sarah\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Qwiklinx\TestFeeds folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Qwiklinx folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner\Undo folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner\Log folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner\Backup folder moved successfully.
C:\Users\Sarah\AppData\Roaming\Smart PC Cleaner folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan\components folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome folder moved successfully.
C:\ProgramData\WeCareReminder\wecarereminder@bryan folder moved successfully.
C:\ProgramData\WeCareReminder folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sarah
->Temp folder emptied: 10685106 bytes
->Temporary Internet Files folder emptied: 10124893 bytes
->FireFox cache emptied: 39530514 bytes
->Flash cache emptied: 743 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83787 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
RecycleBin emptied: 31654590 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.0 log created on 08232012_191546

Files\Folders moved on Reboot...
C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
  • 0

#6
gvnaz

gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
i just realized that it keeps hiding the file extensions. i have gone in and told it not to hide extensions for known file types 3 or 4 times now.
*edit - Internet Explorer seems to be OK now. haven't gotten any 'stopped working' errors during this session.

here is the ComboFix log.

ComboFix 12-08-22.03 - Sarah 08/23/2012 19:35:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.4424 [GMT -7:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\Desktop\Setup.exe
c:\users\Sarah\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
.
.
2012-08-24 02:15 . 2012-08-24 02:15 -------- d-----w- C:\_OTL
2012-08-23 08:14 . 2012-08-23 08:14 -------- d-----w- c:\users\Sarah\AppData\Local\Mozilla
2012-08-23 08:14 . 2012-08-23 08:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-19 05:30 . 2012-08-19 05:30 -------- d-sh--w- c:\users\Sarah\UserData
2012-08-19 05:29 . 2012-08-19 05:29 -------- d-----w- c:\program files\CCleaner
2012-08-19 05:29 . 2012-08-19 05:29 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-08-19 05:28 . 2012-08-19 05:28 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 05:28 . 2012-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes
2012-08-19 05:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-09 21:19 . 2012-08-09 21:33 -------- d-----w- c:\users\Sarah\AppData\Roaming\EurekaLog
2012-08-08 21:07 . 2012-08-08 21:07 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-07 23:05 . 2012-08-07 23:05 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-07 23:05 . 2012-08-07 23:05 -------- d-----w- c:\program files\Symantec
2012-08-07 23:05 . 2012-08-07 23:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-07 23:04 . 2012-08-17 08:25 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-08-07 23:04 . 2012-08-07 23:04 -------- d-----w- c:\program files (x86)\Norton 360
2012-08-07 22:58 . 2012-08-07 22:58 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-07 07:03 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{986A342D-CDFB-4394-8A62-492E917015A0}\mpengine.dll
2012-08-05 00:12 . 2012-08-05 00:12 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-08-03 18:20 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-03 18:20 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-03 18:20 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-03 18:20 . 2012-08-03 18:20 -------- d-----w- c:\program files\iTunes
2012-08-03 18:20 . 2012-08-03 18:20 -------- d-----w- c:\program files (x86)\iTunes
2012-08-03 18:20 . 2012-08-03 18:20 -------- d-----w- c:\program files\iPod
2012-08-03 17:32 . 2012-08-16 18:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 17:32 . 2012-08-03 17:32 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 18:57 . 2011-07-21 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 19:12 . 2012-04-10 17:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-31 19:11 . 2012-04-10 17:22 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-31 19:11 . 2012-04-10 17:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-31 19:11 . 2012-07-10 20:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-23 02:13 . 2012-07-23 02:13 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-20 17:54 . 2012-05-23 23:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-20 17:53 . 2012-05-23 23:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-20 17:53 . 2012-05-23 22:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-20 17:53 . 2012-04-10 17:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-11 04:29 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 04:29 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 04:29 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 04:29 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 04:29 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:29 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:29 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 21:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 21:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 21:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 04:29 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 04:29 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 04:29 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 04:29 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 04:29 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 04:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 04:29 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:29 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 04:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-22 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-04-08 338536]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120822.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-25 533096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-10 1145960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 18:57]
.
2012-08-17 c:\windows\Tasks\HPCeeScheduleForSarah.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120519,17117,0,18,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mieka25b.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-23 19:48:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-24 02:48
.
Pre-Run: 665,275,654,144 bytes free
Post-Run: 665,088,270,336 bytes free
.
- - End Of File - - D67CA2BF46022E8F0935475C6F618342

Edited by gvnaz, 23 August 2012 - 09:43 PM.

  • 0

#7
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
That's looking a lot better. :)

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#8
gvnaz

gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
looks good and feels better!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-HP [administrator]

8/24/2012 6:36:20 AM
mbam-log-2012-08-24 (06-36-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215112
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#10
gvnaz

gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
thanks a lot, Gammo! computer is running great now. i have installed Firefox and i will be switching from Adobe Reader over to PDF-XChange Viewer. i also went ahead and uninstalled all the toolbars that were running on IE. i think that is it. thanks again for your time!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP