
FBI fake virus [Solved]



#1
mawmaw

  • Member
  • 85 posts
I had the FBI virus and sad to say my husband paid the money before he told me it was there. I tried to find my Malwarebytes but it wasn't there anymore so I downloaded it again and scanned. It showed up the FBI virus among other things. I clicked the fix button and supposedly it is gone. I just want to make sure it is gone because I was reading some of the posts and they said it may still be in the background. Thanks in advance.
  • 0



#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello mawmaw and welcome to my office here at G2G!

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#3
mawmaw

  • Topic Starter
  • Member
  • 85 posts
I can't download it. My Google Chrome has been disabled and my Internet Explorer (which I couldn't use before) is now enabled but it tells me it is harmful and delete it. I disabled my antivirus and firewall (Norton) but it still wouldn't let me. I can try a flash drive if you think that will work. (I am replying from my laptop.)

But I can't figure out how to get it on the flash. Not used to Vista yet.

Mawmaw

Edited by mawmaw, 03 October 2012 - 05:09 PM.

  • 0

#4
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
We can use your laptop to download and transfer tools until we clean your PC. Forget my last instructions; here are new ones for you.

Step 1

Please disable the internet connection on your infected PC. If you have an internet cable connected to your PC just disconnect it and restart your PC.

Step 2

We will need your laptop and USB memory to download and transfer tools to the infected PC. First we need to disinfect your USB memory so you can transfer files and not get infected.

Do this on your laptop:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

After this you can download tools on the laptop. Right click on the downloaded tool and select the Copy option. Now click on Start then Computer. Find your USB flash drive and right click on it. Select Paste to copy the tool to the USB.

Now you are ready to download tools on your laptop, transfer tools to the infected PC and run all scans on the infected PC from now on.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
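
An added example, not part of the original posts and not OTL's own code: a small Python parser for the PRC/MOD/SRV/DRV entry lines that make up an OTL.Txt log (the format visible in the log posted in this thread), listing the entries a reviewer would look at first. The sample lines are constructed, and the review heuristics (no company name, path under a user profile, automatic start) are assumptions for illustration, not the helper's own criteria.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry line: TYPE[:64bit:] - [date | size | attrs | flag] (Company) [state] -- path -- (name)
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"            # empty "()" means no company name
    r"(?: \[(?P<state>[^\]]+)\])?"       # services and drivers only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]*)\))?$"    # service or driver name, if present
)

# Start modes that load without user action (assumed set for this example).
AUTOSTART = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    modified: str
    size: int
    company: str
    start: Optional[str]
    status: Optional[str]
    path: str
    name: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other sections."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    # SRV state is "start | status"; DRV state is "type | start | status".
    state = [s.strip() for s in (m["state"] or "").split("|") if s.strip()]
    start, status = (state[-2], state[-1]) if len(state) >= 2 else (None, None)
    return Entry(
        kind=m["kind"],
        is_64bit=m["x64"] is not None,
        modified=m["date"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        start=start,
        status=status,
        path=m["path"],
        name=m["name"],
    )


def review_reasons(e: Entry) -> List[str]:
    """Heuristic reasons to look closer at an entry (not a verdict)."""
    reasons = []
    if not e.company:
        reasons.append("no company name")
    if "\\users\\" in e.path.lower():
        reasons.append("runs from a user profile")
    if reasons and e.kind in ("SRV", "DRV") and e.start in AUTOSTART:
        reasons.append("starts automatically")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (label, reasons) for every parsed entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            label = entry.name or entry.path.rsplit("\\", 1)[-1]
            flagged.append((label, reasons))
    return flagged


# Constructed sample lines in the OTL.Txt layout (names and paths are made up).
SAMPLE = r"""
========== Processes (SafeList) ==========
PRC - [2012/10/04 18:34:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Downloads\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Example Security Corp) -- C:\Program Files (x86)\ExampleAV\avservice.exe
MOD - [2009/10/05 14:44:56 | 000,020,288 | ---- | M] () -- C:\Program Files (x86)\ExampleISP\NetManager\HelperPS.dll
SRV:64bit: - [2011/06/30 02:42:32 | 000,204,288 | ---- | M] (Example GPU Vendor) [Auto | Running] -- C:\Windows\sysnative\gpuevents.exe -- (GPU Events Utility)
SRV - [2012/07/17 14:18:00 | 000,562,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ExampleToolbar\ToolbarSearch.exe -- (ToolbarSearch)
DRV - [2012/08/12 18:05:55 | 000,138,912 | ---- | M] (Example Security Corp) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ExampleAV\reboot.sys -- (RebootDrv)
"""

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE):
        print(f"{label}: {', '.join(reasons)}")
```

A flagged entry is only a pointer for manual review; the scanner that produced the log runs from the Downloads folder itself and is flagged by the same path rule.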

#5
mawmaw

  • Topic Starter
  • Member
  • 85 posts
I am extremely sorry. I figured out how to run it, just not to my desktop. Here is the otl.txt; have to look for the extras.txt.


OTL logfile created on: 10/4/2012 6:34:48 PM - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\RickyandJackie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 56.92% Memory free
6.97 Gb Paging File | 5.01 Gb Available in Paging File | 71.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 867.05 Gb Free Space | 94.28% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: NEWSOMES | User Name: RickyandJackie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 18:34:12 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\RickyandJackie\Downloads\OTL (5).exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/10/05 14:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\CenturyLink\Home Network Manager\AffinegyService.exe
PRC - [2009/10/05 14:44:50 | 001,144,128 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\CenturyLink\Home Network Manager\HomeNetworkManager.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/05 14:44:56 | 000,020,288 | ---- | M] () -- C:\Program Files (x86)\CenturyLink\Home Network Manager\AffinegyServicePS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/30 02:42:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/21 08:38:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/17 14:18:00 | 000,562,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/05 14:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\CenturyLink\Home Network Manager\AffinegyService.exe -- (AffinegyService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 20:17:43 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 14:38:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/07 14:38:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/30 04:33:12 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 02:00:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 15:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/22 05:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 17:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 17:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/15 22:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/10/03 14:49:55 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121003.002\ex64.sys -- (NAVEX15)
DRV - [2012/10/03 14:49:55 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121003.002\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121002.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/12 18:05:55 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/08 22:08:26 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DB5842FF-251E-48EB-B87B-342C0FB42EBD}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DB5842FF-251E-48EB-B87B-342C0FB42EBD}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
IE - HKCU\..\URLSearchHook: {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{49657728-FEF2-40CB-A14F-AE31E258A46E}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\..\SearchScopes\{8B1D5AD1-4038-44B7-9146-04F9D6D34C19}: "URL" = http://websearch.ask...69-9D6BA6B9D39B
IE - HKCU\..\SearchScopes\{924DB0D8-CF86-4219-BCE1-9279AED72B8D}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80978&lng=en
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DB5842FF-251E-48EB-B87B-342C0FB42EBD}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\RickyandJackie\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\RickyandJackie\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RickyandJackie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RickyandJackie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RickyandJackie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/01/31 18:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/10/04 18:28:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.centurylink.net/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.centurylink.net/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaonkdgfnbiijefodhhpdilffkbbmg\7.15.2.23117_0\background/registryAccess.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: ArcadeCandy Textlinks Plugin (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.8.301_0\npCandyx.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\RickyandJackie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RickyandJackie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TrustLoke = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahemanonpcppbjdkdjemkhkpbllnfe\10.11.21.5_0\
CHR - Extension: DefaultTab = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.8_0\
CHR - Extension: Norton Identity Protection = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: Gmail = C:\Users\RickyandJackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\sysnative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\CenturyLink\Home Network Manager\HomeNetworkManager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6715BFB-42A2-4A4D-98E2-B716B74A1C8D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/28 16:36:24 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\Malwarebytes
[2012/09/28 16:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 16:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 16:36:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 16:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/28 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\SpeedyPC Software
[2012/09/28 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\DriverCure
[2012/09/28 10:20:05 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/09/28 10:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/09/28 10:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/28 10:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/09/26 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\Floodlight Games
[2012/09/26 14:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Floodlight Games
[2012/09/19 16:28:16 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\LegacyGames
[2012/09/09 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\RickyandJackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/09/09 19:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/09/09 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/09/09 19:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis

========== Files - Modified Within 30 Days ==========

[2012/10/04 18:38:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 18:35:10 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 18:35:10 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 18:32:25 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/04 18:32:25 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/04 18:32:25 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/04 18:28:12 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/04 18:27:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 18:27:40 | 2808,201,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 18:10:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2085688355-285075232-533543441-1000UA.job
[2012/10/03 18:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/10/03 17:31:18 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/10/03 17:23:10 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRickyandJackie.job
[2012/10/03 17:23:09 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNEWSOMES$.job
[2012/10/02 20:39:48 | 000,009,103 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20121002.018
[2012/10/02 19:10:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2085688355-285075232-533543441-1000Core.job
[2012/10/02 10:57:52 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/09/28 16:46:58 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/09/28 16:36:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/28 10:20:05 | 000,001,203 | ---- | M] () -- C:\Users\RickyandJackie\Desktop\SpeedyPC Pro.lnk
[2012/09/27 23:17:59 | 083,023,306 | ---- | M] () -- C:\ProgramData\reweivmaet.pad
[2012/09/27 16:12:32 | 000,002,532 | ---- | M] () -- C:\Users\RickyandJackie\Desktop\Google Chrome.lnk
[2012/09/27 11:34:54 | 001,480,796 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/09/26 14:27:56 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/09/26 05:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
[2012/09/22 09:06:16 | 000,001,361 | ---- | M] () -- C:\Users\RickyandJackie\Desktop\ROBLOX Player.lnk
[2012/09/09 19:11:04 | 000,000,501 | ---- | M] () -- C:\Windows\eReg.dat
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/28 16:36:12 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/28 10:20:13 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/28 10:20:04 | 000,001,203 | ---- | C] () -- C:\Users\RickyandJackie\Desktop\SpeedyPC Pro.lnk
[2012/09/28 10:20:04 | 000,000,534 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/09/28 10:20:02 | 000,000,482 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/09/28 10:20:01 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/09/27 11:32:36 | 083,023,306 | ---- | C] () -- C:\ProgramData\reweivmaet.pad
[2012/09/09 19:11:04 | 000,000,501 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/14 14:02:27 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 07:00:31 | 000,000,089 | ---- | C] () -- C:\Users\RickyandJackie\AppData\Local\msmathematics.qat.RickyandJackie
[2011/10/07 14:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/07 14:38:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/11 01:45:16 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/11 12:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\sysnative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/12 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Alawar
[2012/01/08 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Awem
[2012/08/10 22:37:44 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\CasualForge
[2012/08/29 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\com.w3i.plyt
[2012/09/28 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\DriverCure
[2012/03/03 13:11:28 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\FamilyVacationCalifornia
[2011/12/26 22:33:50 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Flood Light Games
[2012/09/26 14:36:15 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Floodlight Games
[2012/02/05 17:35:02 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Gogii Games
[2012/03/04 15:39:34 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Happy Artist Studio
[2012/02/05 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\IronCode
[2012/08/23 19:16:35 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Kalydo
[2012/09/22 20:16:07 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\LegacyGames
[2012/03/11 22:32:37 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Meridian93
[2011/12/30 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\MumboJumbo
[2012/02/22 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Mystery of Mortlake Mansion
[2012/08/26 10:53:14 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\PlayFirst
[2012/01/22 17:46:17 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\Rainbow
[2012/08/05 09:25:22 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\SoftGrid Client
[2012/09/28 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\SpeedyPC Software
[2012/01/08 16:30:32 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\SpinTop Games
[2011/12/18 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\TP
[2012/07/03 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\WildTangent
[2011/12/19 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\RickyandJackie\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/10/07 14:35:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/10/07 14:35:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/10/07 14:35:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/10/07 14:35:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/10/07 14:35:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/10/07 14:35:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\sysnative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\sysnative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\sysnative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\sysnative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#6
mawmaw

    Member

  • Topic Starter
  • Member
  • 85 posts
OTL Extras logfile created on: 10/4/2012 6:04:10 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\RickyandJackie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 85.81% Memory free
6.97 Gb Paging File | 6.42 Gb Available in Paging File | 92.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 867.00 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive G: | 14.92 Gb Total Space | 13.40 Gb Free Space | 89.83% Space Free | Partition Type: FAT32

Computer Name: NEWSOMES | User Name: RickyandJackie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041BDC20-633D-45FB-995D-5D2667A2843E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0899CF21-45A6-481F-B79E-173ADCB450A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1079A757-5911-46E4-85A2-692AE0F1EBFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{18F15DBD-0A9F-4564-A3A3-842EC0BFBD6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A869602-FDED-4AB8-9E59-DCD608C1A7D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{336DD85D-A2C5-4CC6-ACA1-0AF08EBB8F70}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A320657-72F9-44BF-934E-2E0C10894513}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{444E61A5-559B-47A9-BAC2-868AAC591001}" = rport=137 | protocol=17 | dir=out | app=system |
"{4CC05FB1-7C16-4F41-BCFC-9DEB5375C640}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E16260A-6956-4F17-9848-3939D4D722D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{698E7653-AC36-47C0-B0FC-06685F3A5B05}" = lport=138 | protocol=17 | dir=in | app=system |
"{70EC2EFC-45F4-4C89-9AA4-5EBF7430D69E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7663CE1A-EDB8-4313-90E7-19B3CCD7ECA0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83B45422-D394-432B-9186-320FEB3AE0E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{846750B4-7F7D-493B-9C3D-85C89E4A63D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{92377925-7AA1-4E86-AD40-5EFBC9ADC2B8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{97C01D6A-3850-4BA5-A3BC-9FB36A99C7A9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ABE93E1C-93BF-4291-9E15-05881AF438EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AD288974-567E-4F39-B48D-5E42815035CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BEA5ECA8-DE37-47D7-A326-4D5622E148C3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{C547CE25-58A2-4081-8B18-D9236C10088C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA653501-DA37-4640-8978-6FE01D498C4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0FCA9FD-171D-4F48-8102-045C7DBD5D8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E44FF320-5413-4D97-B85A-EF80D630BB0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFFA14B4-9228-4604-854A-F57812D42C63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F127F4C6-A833-4225-AA7F-BE4206C54917}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF35A3B9-FAF9-4FF9-92AD-FFFD0D95F2AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C081ADF-0F1F-431B-A195-5B2072672DEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EB1E6C8-D9C3-485E-B35D-C7F53AAB714A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2644A08A-FE29-4D81-B64F-F7B25B38018C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F0A05F7-8D6D-499C-BB8F-7F857C0840B0}" = protocol=17 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |
"{3371BACA-1D30-4FAA-9D3C-891832B036AD}" = protocol=6 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |
"{390F768A-305D-448C-A464-435A905DF3CB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3BF6F37A-A41D-4813-BCD9-DA934C5FB791}" = protocol=17 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |
"{4519ADD5-5788-47C9-9BBE-CFE9BF352F48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47FD0C40-5DA8-4FF4-843B-36F58998C76B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D5021C5-031F-47C3-A739-7E8EFEF9B84E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{4FF38F62-4F17-429A-A6D8-1AF8B3DEE83C}" = protocol=1 | dir=out | [email protected],-28544 |
"{5169EB05-71E3-4BB8-9E23-DB3F7A901288}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{540E933E-6A0F-421C-84E7-4C3D754B0FB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{583ABF0C-34FD-4763-9E8B-43085902AD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C1EBA9B-3E92-4C54-90C0-F9587354ACC0}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{6980C1D0-8C7C-417B-80A2-34A5FBE97A4B}" = protocol=58 | dir=in | [email protected],-28545 |
"{6C294933-9375-45E0-AB4B-D9E0E95DFC8B}" = protocol=1 | dir=in | [email protected],-28543 |
"{7A60684D-3A83-4C75-83BD-1F36EECC5E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{7BC637D9-9FCC-4855-9685-F00A297AE033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82447B82-6374-4A3A-985B-0A5E5416097D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E4927E5-FFE3-4D25-AE53-8F8666ECB64B}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{97E7A63B-A8CC-47F1-9A36-B1296A36F720}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{990C03F5-F8D3-4572-B80A-04B4E78047F3}" = protocol=58 | dir=out | [email protected],-28546 |
"{9CA28BD3-9D4B-4EC3-9469-320EE0FAAF68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DF89DED-8074-4A21-8FEB-13295A1FE7BD}" = protocol=6 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |
"{9EBF9772-07C1-41BD-9F97-ABB5B55E8C43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A103828B-101E-4497-ADA7-7019F2F773BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B00A45A5-AA26-4B27-AB90-2F40688EBE02}" = protocol=6 | dir=out | app=system |
"{C0D01501-9043-4468-BC64-1E4D4D5FB8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{C6379D8B-32F3-46DD-B215-28FDB3B01EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{CEC349D0-CDB2-484E-9E4E-D76A820C91AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CEE57092-2B28-4C36-90A9-ADBF07B6E4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D5FB425C-1131-4EEF-8634-211B17ACD48A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2D1A06A-94D4-444A-99E9-E54776494ED6}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F8E12E7F-AFAE-4189-AF1D-4EC7BCDCD634}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{C2E03593-B32E-49AE-9666-78B961220AA0}C:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |
"UDP Query User{D13B7FB5-B2A8-42CD-94C0-4C488B405A4A}C:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\centurylink\home network manager\homenetworkmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BCE1F46-1DA2-3607-65BA-EDFA544183B4}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BCC01139-903A-6FC7-3358-85B0AE332601}" = ATI Catalyst Install Manager
"{C9AAFA95-33DA-F963-DBD5-A9454DA2F19F}" = AMD Media Foundation Decoders
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C30C12-525A-8804-C623-8FC6DD4FF32F}" = CCC Help Chinese Traditional
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{089063BB-5B9D-D4AB-22D2-59F6EF4DE09E}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B6F7BE6-A4A2-02C6-2467-C58954985AB3}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4337BD05-C42B-5F45-F228-EA5DC10BEB01}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4984BBF2-8A6B-0F27-300B-69C6C9125CC8}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4EFB7F0F-C6EB-B189-9B57-B599372F8A3A}" = CCC Help Italian
"{510DE38F-8FEC-4AFE-8C8C-8095C55C1DDC}" = TurboTax 2011 waliper
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59CE4831-355D-4110-9021-562D97913272}" = CCC Help German
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E5983-F9EA-61AE-632B-F26AC91B0E62}" = Catalyst Control Center Graphics Previews Common
"{68EBE0E8-C24F-DB74-0081-E976C7F9003D}" = CCC Help Finnish
"{6917E984-25D9-9D4E-7474-53262BEAE9F6}" = CCC Help Spanish
"{6ACE862C-EDDD-9A7E-FBF6-D06050F53D52}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71213B00-C3D5-C885-5302-9C6CC7DCE137}" = CCC Help Russian
"{717D3880-41BC-4CE8-3FA6-95DABE215DB1}" = CCC Help Danish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEA0F2F-BC5C-3EB0-883D-B6F35730A5B5}" = CCC Help English
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{905E1976-AF8F-0351-EB63-5C76DC83165F}" = CCC Help Dutch
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{941DC878-781C-E5EF-C246-E44F969FB318}" = CCC Help Japanese
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95CC6FC9-9E4B-17CF-EACA-031F07F48BA4}" = Catalyst Control Center InstallProxy
"{9651CB1C-7EB7-2372-F345-45727C1AB823}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7730A8E-CA1C-5238-02D6-45198D343202}" = CCC Help Thai
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2E84E76-6D0C-51E2-B0B1-7567B10AEC96}" = Catalyst Control Center Localization All
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BA945D93-DBEB-0BC6-B6AD-26330D2E9879}" = AMD VISION Engine Control Center
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB6189FB-94E0-CD39-7B41-92213433CD26}" = CCC Help French
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7422030-A87C-2A0C-7268-463512250CA4}" = CCC Help Portuguese
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E637DA92-2EAE-1B6F-9D65-A86F0780118E}" = CCC Help Hungarian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED15F807-4242-3091-B32E-A349C37141C0}" = CCC Help Czech
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7BFA5CC-8072-ACFD-D12F-69F4F2AAACB1}" = CCC Help Norwegian
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Home Network Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DefaultTab Chrome" = DefaultTab Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Lunar Lander with Pong" = Lunar Lander with Pong
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Network Play System (Patching)" = Network Play System (Patching)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"The Sims" = The Sims
"TurboTax 2011" = TurboTax 2011
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09366f58-8b2b-47b3-afeb-7f4bc3a0831b" = The Clumsys
"WTA-0fa3e65a-ff3c-4f39-a237-c9c0eae5bf60" = Tearstone
"WTA-114dcfea-4593-4c1c-b1d7-ed1ee3c7a9b9" = Governor of Poker 2 Premium Edition
"WTA-116adf55-a2f3-4449-99bb-139edbf08f94" = SpongeBob Diner Dash
"WTA-16c211b3-98b2-4f2d-80ab-44d9294b6a13" = Odysseus: Long Way From Home
"WTA-195d57cc-c549-4b21-870e-2a9983e4086e" = SpongeBob Typing
"WTA-1d3df905-69a8-479d-82d8-61b699899409" = Farm Frenzy
"WTA-1e000a42-6211-487b-b703-c77b785ffd0f" = Mystery of Mortlake Mansion
"WTA-1ea7003b-49b1-452e-9ed0-17c2601276a2" = Plants vs. Zombies - Game of the Year
"WTA-2d945ffd-3484-4d4b-8337-3956143eae58" = The Golden Years: Way Out West
"WTA-2ec5e3b7-19cc-4d43-87aa-e700106c669b" = Agatha Christie - Peril at End House
"WTA-3166bdd3-7790-46c2-81ff-6505c9be44b4" = Poker Superstars III
"WTA-31c0cfa3-6aab-4aa4-9203-2164047b77cf" = Slingo Supreme
"WTA-3861bed5-ae66-4c8f-89fe-8ce6658a88e4" = Lost Souls 2: Enchanted Paintings Collector's Edition
"WTA-38f03331-bc0e-4148-ae83-bb2382b8a04e" = Polar Bowler
"WTA-573d6ff1-bcf3-47f9-8b42-346cf3d0cf73" = Adventure Chronicles
"WTA-63cce9a9-8e93-4573-8d36-9d83cbf861d0" = Mah Jong Medley
"WTA-65188ed2-e1c7-429d-9909-c2fb198f7431" = Zuma Deluxe
"WTA-6c6a5523-a2ce-46b8-95c0-a8dc5ff34331" = Bedtime Stories: The Lost Dreams
"WTA-716d15b3-88fc-488a-ab16-b07602ebfbbe" = Chronicles of Albian
"WTA-756efa55-c002-4b78-a998-fce2fcfa2245" = Ancient Secrets
"WTA-777f9541-a3ec-4811-b3e2-49c77f906c3b" = Book of Legends
"WTA-7bc95d1a-d8e7-472a-ad51-bead43097c97" = Penguins!
"WTA-806935f9-944f-4e08-8feb-4d1370acbb65" = Family Vacation: California
"WTA-8ca93c2b-31d5-4fb8-b733-ace6ac0c27a9" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-909ce5f5-701d-41f3-ad32-97f5cb5435ba" = Special Enquiry Detail: Engaged to Kill
"WTA-9ea6c47c-58a8-4359-8c45-d4e4fe626772" = Virtual Villagers 5 - New Believers
"WTA-adf6bbd9-5531-4f0e-b74c-44b1ea34ae0e" = Hotel Mogul
"WTA-aff80d2b-1d14-4ced-a6d3-bae290ff9a22" = Alabama Smith in Escape from Pompeii
"WTA-b95cfd51-56d4-4ccb-9ead-562d057e245a" = Polar Golfer
"WTA-bac8dd70-0e68-427a-b337-6a97162d18fb" = Mystery of Unicorn Castle
"WTA-bb87f3a4-e21a-48f8-93e2-d9aa81e67eae" = Vacation Quest - The Hawaiian Islands
"WTA-bd70b2a4-b238-47e6-9b84-4513b598dd75" = Blackhawk Striker 2
"WTA-c49f6553-b7c7-4837-aeee-058758b29c3a" = Cradle of Rome 2
"WTA-ccb4a3ce-ce07-438a-8dda-4d4067a0388c" = Cake Mania
"WTA-d69e438b-f25e-4d6f-84e8-06b1d136df9b" = Namco All-Stars: PAC-MAN
"WTA-e6d25409-07ce-404b-8529-8064d5d9a194" = Ghost Whisperer
"WTA-ec92020d-275a-4200-a340-cec581bacfe1" = Pickers: Adventures in Rust
"WTA-f09ffbdc-63ff-4d90-8648-39095dccb002" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-facf2c67-c8eb-49b0-ae6d-709023a3e6d7" = FATE
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for RickyandJackie
"Google Chrome" = Google Chrome
"KalydoPlayer" = Kalydo Player 4.07.02
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2012 3:38:00 PM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x72c Faulting application start time: 0x01cd848b7746f8b7 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: b5636444-f07e-11e1-8870-38607776f2a6

Error - 8/28/2012 9:05:00 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x167c Faulting application start time: 0x01cd851dbaea61b7 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f8fae663-f110-11e1-8870-38607776f2a6

Error - 8/28/2012 10:05:01 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x19fc Faulting application start time: 0x01cd85261cafa5e8 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5b431643-f119-11e1-8870-38607776f2a6

Error - 8/28/2012 12:51:00 PM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: wmiprvse.exe, version: 6.1.7601.17514,
time stamp: 0x4ce79d42 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a
Faulting
process id: 0x9e4 Faulting application start time: 0x01cd853d4d781e3a Faulting application
path: C:\Windows\system32\wbem\wmiprvse.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8b628ce1-f130-11e1-8870-38607776f2a6

Error - 8/29/2012 6:38:00 PM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x202c Faulting application start time: 0x01cd8636f1672123 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 2f695d8d-f22a-11e1-8870-38607776f2a6

Error - 8/30/2012 7:05:00 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x8a8 Faulting application start time: 0x01cd869f4c35eba1 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8a38280c-f292-11e1-8870-38607776f2a6

Error - 8/30/2012 5:21:27 PM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 4.0.23.36,
time stamp: 0x502c4a94 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x192c Faulting application start time: 0x01cd86f55c9543a8 Faulting application
path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: a83e3e0e-f2e8-11e1-8870-38607776f2a6

Error - 8/31/2012 6:05:00 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: taskeng.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79d2c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0xf44 Faulting application start time: 0x01cd876014dc01a7 Faulting application
path: C:\Windows\system32\taskeng.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 52e4c5f0-f353-11e1-8870-38607776f2a6

Error - 8/31/2012 11:53:47 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: SpiderSolitaire.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc9f8 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a
Faulting
process id: 0x1e1c Faulting application start time: 0x01cd8790cdaa13a0 Faulting application
path: C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0c53bb7a-f384-11e1-8870-38607776f2a6

Error - 9/9/2012 12:50:51 PM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x0019aa76 Faulting
process id: 0x18e4 Faulting application start time: 0x01cd8e9b9b28ecae Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 82ec3e6f-fa9e-11e1-8870-38607776f2a6

Error - 9/10/2012 10:37:21 AM | Computer Name = Newsomes | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x0019aa76 Faulting
process id: 0x1c44 Faulting application start time: 0x01cd8f5f7e48e69d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 071d37cb-fb55-11e1-8870-38607776f2a6

[ Hewlett-Packard Events ]
Error - 1/23/2012 8:43:46 PM | Computer Name = Newsomes | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 2/6/2012 8:53:17 PM | Computer Name = Newsomes | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/8/2012 2:20:09 AM | Computer Name = Newsomes | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The communication object, System.ServiceModel.Channels.ServiceChannel,
cannot be used for communication because it has been Aborted. StackTrace: Server
stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicatorCallback.BeginTuneup()

at HPSA_Messenger.MessengerPopUpWindow.AppTimerEndHandler() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3570 Ram
Utilization: 20 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/21/2012 11:21:17 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/21/2012 11:21:18 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/28/2012 11:26:49 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/28/2012 11:26:50 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/4/2012 11:31:06 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/4/2012 11:31:14 AM | Computer Name = Newsomes | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3570 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 10/4/2012 7:01:28 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:03:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:03:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:03:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:08:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:08:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:08:14 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:10:22 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:10:22 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/4/2012 7:10:22 PM | Computer Name = Newsomes | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
  • 0

#7
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I ran the TDSSKiller but there wasn't an option for reboot or a log (I probably did something wrong). It did find one suspicious object, don't know what it was as I expected a report. I hope you don't mind me going back to the original post. This computer (desktop) has Windows 7. I have learned to disable the antivirus first and click the options button for the download anyway option.

Mawmaw

Edited by mawmaw, 04 October 2012 - 07:01 PM.

  • 0

#8
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I found the TDSSKiller log but it says it is too long to post.

Edited by mawmaw, 04 October 2012 - 07:15 PM.

  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please do the following now:

  • Right-click on the TDSSKiller log file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply
  • 0

#10
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
TDSSKiller file

Attached File  TDSSKiller.2.8.10.0_04.10.2012_19.09.28_log.zip   167.02KB   154 downloads
  • 0



#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
So far, so good... Let's see results from this scan.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post
  • 0

#12
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Downloaded and scanning, may take a bit as it says it will take 9 hours. Found one already!
  • 0

#13
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
The Kaspersky scan has stopped responding. It may be because my screen goes to the blue screen with the personal icons before setup. Don't know what you call it. Just know I have to put in my password. I had 2 options: close program or wait til it responds. I clicked wait til it responds. At least it found the ransom virus and deleted it already. What do you want me to do?
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you can, please restart your system once and try to run the scan again. If it fails, let me know.
  • 0

#15
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Attached File  kasperkyreport.txt   190bytes   121 downloads
  • 0





