Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer is running slow. Facebook problem [Solved]

Started by BaeWells , Apr 10 2013 07:11 PM

  • This topic is locked This topic is locked

#1
BaeWells
Posted 10 April 2013 - 07:11 PM

BaeWells

    Member

  • Member
  • PipPip
  • 11 posts
I'm not sure where to start! I am in no way computer literate! On 4/9/13 I was sent a msg from "Facebook Security" I knew it wasn't real because of the letters weren't right. When I went to delete it, my finger hit the link that was sent with it opeing a page that said my facebook account had been hacked I needed send in my account info. I closed the window. Then after that I was not able to log back in to my account. Also, my computer has been slow. I called a facebook tech number, they remotely accessed my computer, which they found the "hacker". It was someone from CA. They told me that for $199 they could clean up my computer & fix the problem & give me security for the computer for 2 years. I don't have that kind of money to fix the problem. I'm just sick that this has happend. If possible to help my situation at a fair price I would be willing to pay. I really don't know what all this means. If someone can explain it to me I can follow directions! :-) Thank you!


OTL logfile created on: 4/10/2013 8:32:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gayle's\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.05% Memory free
5.49 Gb Paging File | 3.29 Gb Available in Paging File | 59.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.48 Gb Total Space | 196.59 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive D: | 16.31 Gb Total Space | 2.35 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
Drive G: | 34.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GAYLES-HP | User Name: Gayle's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 20:30:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle's\Downloads\OTL.exe
PRC - [2013/03/13 00:47:44 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/15 18:31:18 | 001,430,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/10/19 15:46:22 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
PRC - [2012/10/19 15:46:00 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/04/17 19:14:39 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
PRC - [2012/04/17 19:14:39 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2012/02/03 23:55:59 | 000,050,544 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\symerr.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/01/12 07:45:28 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\mcuicnt.exe
PRC - [2010/12/09 14:40:04 | 003,826,968 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/05 18:58:07 | 000,205,824 | ---- | M] () -- C:\Users\Gayle's\AppData\Local\Temp\WindowsAPI.dll2958800235966030672.lib
MOD - [2013/03/15 18:57:18 | 000,509,440 | ---- | M] () -- C:\Users\Gayle's\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
MOD - [2012/12/18 10:28:12 | 000,305,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/10/23 18:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/10/19 15:46:20 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
MOD - [2012/10/19 15:46:20 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
MOD - [2012/10/19 15:46:20 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
MOD - [2012/10/19 15:46:20 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
MOD - [2012/10/19 15:46:20 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
MOD - [2012/10/19 15:46:20 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
MOD - [2012/10/19 15:46:20 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
MOD - [2012/10/19 15:46:20 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
MOD - [2012/10/19 15:46:20 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
MOD - [2012/10/19 15:46:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
MOD - [2012/10/19 15:46:20 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
MOD - [2012/10/19 15:46:20 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
MOD - [2012/10/19 15:46:18 | 000,531,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
MOD - [2012/10/19 15:46:18 | 000,363,008 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
MOD - [2012/10/19 15:46:18 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
MOD - [2012/10/19 15:46:18 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
MOD - [2012/10/19 15:46:18 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
MOD - [2012/10/19 15:46:18 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
MOD - [2012/10/19 15:46:18 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
MOD - [2012/10/19 15:46:18 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
MOD - [2012/10/19 15:46:18 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
MOD - [2012/10/19 15:46:18 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
MOD - [2012/10/19 15:46:18 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
MOD - [2012/10/19 15:46:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
MOD - [2012/10/19 15:46:18 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
MOD - [2012/10/19 15:46:18 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
MOD - [2012/10/19 15:46:18 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
MOD - [2012/10/19 15:46:18 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
MOD - [2012/10/19 15:46:18 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
MOD - [2012/10/19 15:46:18 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
MOD - [2012/10/19 15:46:18 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
MOD - [2012/10/19 15:46:18 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
MOD - [2012/10/19 15:46:18 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
MOD - [2012/10/19 15:46:18 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
MOD - [2012/10/19 15:46:18 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
MOD - [2012/10/19 15:46:18 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
MOD - [2012/10/19 15:46:16 | 001,563,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
MOD - [2012/10/19 15:46:16 | 001,376,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
MOD - [2012/10/19 15:46:16 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
MOD - [2012/10/19 15:46:16 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
MOD - [2012/10/19 15:46:16 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
MOD - [2012/10/19 15:46:14 | 002,009,600 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
MOD - [2012/10/19 15:46:14 | 001,694,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
MOD - [2012/10/19 15:46:14 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
MOD - [2012/10/19 15:46:12 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
MOD - [2012/10/19 15:46:12 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
MOD - [2012/10/19 15:46:12 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
MOD - [2012/10/19 15:46:12 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
MOD - [2012/10/19 15:46:10 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
MOD - [2012/10/19 15:46:10 | 000,123,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
MOD - [2012/10/19 15:46:10 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
MOD - [2012/10/19 15:46:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
MOD - [2012/10/19 15:46:10 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
MOD - [2012/10/19 15:46:10 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
MOD - [2012/10/19 15:46:10 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
MOD - [2012/10/19 15:46:10 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
MOD - [2012/10/19 15:46:10 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
MOD - [2012/10/19 15:46:10 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
MOD - [2012/10/19 15:46:10 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
MOD - [2012/10/19 15:46:10 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
MOD - [2012/10/19 15:46:10 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
MOD - [2012/10/19 15:46:10 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
MOD - [2012/10/19 15:46:10 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
MOD - [2012/10/19 15:46:08 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
MOD - [2012/10/19 15:46:08 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
MOD - [2012/10/19 15:46:08 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
MOD - [2012/10/19 15:46:08 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
MOD - [2012/10/19 15:46:08 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
MOD - [2012/10/19 15:46:08 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
MOD - [2012/10/19 15:46:08 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
MOD - [2012/10/19 15:46:08 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
MOD - [2012/10/19 15:46:08 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
MOD - [2012/10/19 15:46:08 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
MOD - [2012/10/19 15:46:06 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
MOD - [2012/10/19 15:46:06 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
MOD - [2012/10/19 15:46:06 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
MOD - [2012/10/19 15:46:06 | 000,123,947 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
MOD - [2012/10/19 15:46:04 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
MOD - [2012/10/19 15:46:04 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,248,352 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
MOD - [2012/10/19 15:46:04 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
MOD - [2012/10/19 15:46:04 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
MOD - [2012/10/19 15:46:04 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
MOD - [2012/10/19 15:46:02 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
MOD - [2012/10/19 15:46:00 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
MOD - [2012/10/19 15:46:00 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 12:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 01:05:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/04/17 19:14:39 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/06/14 12:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/20 02:51:57 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/24 23:53:36 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/08 11:52:32 | 000,256,512 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV:64bit: - [2010/07/08 11:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV:64bit: - [2010/07/08 11:52:32 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2010/06/17 13:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 12:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/07 15:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 09:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/22 21:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2013/03/21 21:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/19 14:19:29 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130410.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/19 14:19:29 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130410.003\eng64.sys -- (NAVENG)
DRV - [2012/12/01 00:22:44 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130406.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/16 07:34:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A5B4AD26-107E-4027-A4CA-4967E25265CB}
IE:64bit: - HKLM\..\SearchScopes\{01F2B86C-C0AF-4358-9929-2A79848569BA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{A5B4AD26-107E-4027-A4CA-4967E25265CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DA659754-7EF0-4696-B4CD-29C71D286334}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {A5B4AD26-107E-4027-A4CA-4967E25265CB}
IE - HKLM\..\SearchScopes\{01F2B86C-C0AF-4358-9929-2A79848569BA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{A5B4AD26-107E-4027-A4CA-4967E25265CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{DA659754-7EF0-4696-B4CD-29C71D286334}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A5B4AD26-107E-4027-A4CA-4967E25265CB}
IE - HKCU\..\SearchScopes\{01F2B86C-C0AF-4358-9929-2A79848569BA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{A5B4AD26-107E-4027-A4CA-4967E25265CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{DA659754-7EF0-4696-B4CD-29C71D286334}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\23\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2012/04/17 19:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/20 02:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/04/05 19:00:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645" File not found
O4 - HKCU..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58B8C3FB-39FF-4E2E-B489-74A42994D32B}: NameServer = 198.224.188.236 198.224.189.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: DhcpNameServer = 40.5.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17FEB1B-D56F-48F3-B5FA-046BD2A49041}: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 03:39:48 | 000,000,074 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\Shell\AutoRun\command - "" = G:\VerizonSWUpgradeAssistantLauncher.exe
O33 - MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe -- [2009/09/13 23:13:58 | 002,320,432 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 14:28:03 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\TeamViewer
[2013/04/09 12:24:47 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\Jane s Hotel 3
[2013/04/06 19:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarEntertainment
[2013/04/05 19:53:08 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\Nitreal Games
[2013/03/27 01:20:27 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\ShamanGS
[2013/03/22 15:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Local\{7012C488-FECA-484A-A918-4691D06F08BF}
[2013/03/21 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Local\{596229F7-5A7E-4FA4-9D3B-DDF637458BA2}
[2013/03/21 17:32:08 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\Melesta
[2013/03/20 20:45:48 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\Documents\8floor
[2013/03/16 21:55:14 | 000,000,000 | ---D | C] -- C:\Binaries
[2013/03/16 21:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Media Link
[2013/03/16 21:53:54 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\Motorola Mobility
[2013/03/16 21:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2013/03/15 18:57:47 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\.gstreamer-0.10
[2013/03/15 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Local\Motorola
[2013/03/15 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013/03/15 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/03/15 18:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013/03/15 18:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/03/15 18:55:57 | 000,000,000 | ---D | C] -- C:\Temp
[2013/03/15 18:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2013/03/15 18:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2013/03/15 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\Motorola
[2013/03/15 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2013/03/15 18:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
[2013/03/15 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Roaming\MotoCast
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/10 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/10 19:35:55 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/10 19:35:55 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/10 19:35:55 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/10 18:37:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/07 17:20:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 17:20:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 18:56:14 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/03 11:58:13 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGayle's.job
[2013/03/15 19:00:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/03/15 19:00:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/03/15 19:00:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/03/15 19:00:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/03/15 19:00:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/15 19:00:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/03/15 19:00:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/03/15 19:00:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/03/15 19:00:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/03/15 19:00:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012/07/21 17:19:55 | 000,504,785 | ---- | C] () -- C:\Users\Gayle's\.DLMSave_back.xml
[2012/07/21 17:19:55 | 000,504,785 | ---- | C] () -- C:\Users\Gayle's\.DLMSave.xml
[2012/07/21 17:19:04 | 000,001,241 | ---- | C] () -- C:\Users\Gayle's\.Setting.ini
[2012/06/26 15:05:33 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
[2011/04/29 03:36:43 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/08 11:11:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/05 14:24:36 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\8floor
[2012/09/27 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Alawar
[2012/06/30 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Alawar Stargaze
[2013/04/06 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\AlawarEntertainment
[2012/03/11 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\AlderGames
[2011/10/24 02:08:12 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\aliasworlds
[2012/11/21 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Amazon
[2012/08/27 17:09:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Amulet_of_time
[2012/10/25 12:15:36 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Anuman
[2012/01/27 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Awem
[2012/12/22 21:28:05 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Babylonia
[2012/10/13 14:04:38 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\BlooBuzzStudios
[2012/03/12 02:21:59 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Bloom
[2013/02/25 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Boolat Games
[2012/03/31 13:12:31 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Catalina Marketing Corp
[2012/10/05 19:06:39 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Coby
[2012/10/05 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Coby Media Manager
[2012/05/19 13:15:26 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2012/10/10 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\DriverCure
[2012/11/21 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\EntwinedSoD
[2013/02/22 23:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Epson
[2012/08/05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Farm Mania
[2012/08/05 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Farm Mania 2
[2012/08/05 10:03:22 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Farm Mania 2.1
[2012/05/26 01:42:55 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\FBI
[2012/07/14 09:41:40 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Floodlight Games
[2012/08/19 17:32:48 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\freshgames
[2012/09/16 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\GHISLER
[2012/06/17 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\HipSoft
[2012/07/22 19:40:01 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\iWinG
[2012/01/27 07:54:14 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\JaiboGames
[2013/04/09 12:25:32 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Jane s Hotel 3
[2011/08/20 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Jewel Match 3
[2011/08/25 01:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\JewelMatch2
[2011/04/12 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\LaJangada
[2012/06/26 18:00:48 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Leader Technologies
[2012/06/26 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Leadertech
[2013/02/25 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\LegacyGames
[2012/07/20 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\LegacyInteractive
[2013/03/21 17:32:08 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Melesta
[2013/04/05 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\MotoCast
[2013/03/15 18:55:57 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Motorola
[2013/03/16 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Motorola Mobility
[2011/04/09 20:27:50 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\MumboJumbo
[2012/09/02 18:27:48 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\My Games
[2012/03/18 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\NevoSoft Games
[2013/04/05 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Nitreal Games
[2012/11/14 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\northerntale_wildtangent_en
[2012/07/19 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Peace Craft
[2012/07/09 10:44:07 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\PeaceCraft2
[2012/07/07 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\PeaceCraft3
[2011/08/29 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\playmink
[2012/10/06 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Playrix Entertainment
[2012/08/24 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\rokapublish
[2013/03/27 01:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\ShamanGS
[2012/05/19 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Shopping Blocks
[2011/04/07 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Smith Micro
[2012/12/12 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\SoftGrid Client
[2012/10/10 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\SpeedyPC Software
[2012/05/20 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\SpinTop Games
[2013/04/10 14:28:03 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\TeamViewer
[2011/04/07 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\TFS2
[2011/05/07 16:55:44 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Tific
[2012/12/18 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\TitanicMystery
[2011/04/29 03:38:24 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\TP
[2012/05/20 02:22:55 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\WildTangent
[2013/02/26 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\wild_tangent_adelantado
[2011/05/03 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\Windows Live Writer
[2012/11/18 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Gayle's\AppData\Roaming\YoudaGames

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Dakeyras
Posted 13 April 2013 - 01:23 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi and welcome to Geeks to Go. :)

My apologies for the delay, sometimes topics posted do get overlooked unintentionally, with regard to this you mentioned:-

I called a facebook tech number, they remotely accessed my computer, which they found the "hacker". It was someone from CA. They told me that for $199 they could clean up my computer & fix the problem & give me security for the computer for 2 years.

Far as I am aware the IT Support side of Facebook does not provide this type of service and you most likely have been scammed and not a good idea to allow any form of remote access unless you are positive both a reputable and reliable firm. Anyway not to worry we can sort that out and remove any software that may have been installed/changes made to your machine etc.

Next:

You have the executable for OTL currently located here:-

C:\Users\Gayle's\Downloads\OTL.exe

Please move it to your desktop. Also there should be another log created by OTL when you ran it called Extras, that should be in your downloads folder also. Please post the contents of that in your next reply.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
Posted Image

  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Posted Image

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed here.

Next:

Let myself know when completed the above and post the requested Extras log. We will then go from there, thank you.
  • 0

#3
BaeWells
Posted 14 April 2013 - 11:35 PM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you so much. I understand the delay & overlook. I'm just frustraited that someone could do that. I have done what you told me to do. I hope that I have done it right. Lord knows that I am NOT computer literate when it comes to this. I'm attatching the Extra part that you requested. If this is not right let me know & I will do my best to get the right stuff. I have to say that the Norton forum led me to you all & I'm thankful!






OTL Extras logfile created on: 4/10/2013 8:32:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gayle's\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.05% Memory free
5.49 Gb Paging File | 3.29 Gb Available in Paging File | 59.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.48 Gb Total Space | 196.59 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive D: | 16.31 Gb Total Space | 2.35 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
Drive G: | 34.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GAYLES-HP | User Name: Gayle's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043ADA63-0D45-4323-93A6-C78587435131}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{265922E1-D885-4982-B48B-1A68C3BF5B6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CAA3F3E-B381-48E3-BE4D-86A0C53C7D37}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CAA8C1B-2EF2-4C3A-A26C-5D539F3CF932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3216A98D-5AC9-4463-8F96-27ECC3B9A5AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E1FD1F5-8BE6-4816-93F2-54019814FAF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{49C9A33B-36D2-4E83-AFC9-9BB14BE64EE4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CE0B3D0-6DCD-4436-9DB5-FD4EEEE235F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{56B73909-C9B5-4B43-ADBD-AA5F0AD55617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E64820A-581F-4DE9-A787-317B2B1443F2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72A015B8-365C-4DF0-9943-225AADD7E6A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{740F058E-FAC1-4810-AFD5-F208E008CCC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B46F206-6FCA-4710-839A-8D6ACD8BCFAC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C190E21-2D99-4806-A2B1-F9AE350A2781}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803EB8DA-1988-4506-852A-8A8FBAA40D81}" = lport=139 | protocol=6 | dir=in | app=system |
"{B908FD11-A8E8-4569-9BE9-8DA5C8B3EE6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C046E1E8-0619-4858-8540-AC7961E2C579}" = rport=445 | protocol=6 | dir=out | app=system |
"{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CBB9EE97-4EFF-44E9-A710-C6EF69495C00}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD2DC552-CE7F-4B77-87CF-C01B5FE0DA80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE4A7D2F-AF36-4640-A66A-BA9327A1B5AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{D747C43A-F5D9-4266-A426-BA67D41E8704}" = lport=445 | protocol=6 | dir=in | app=system |
"{D85D392A-99A5-4190-A9C3-5EEDAC2A7C32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB0E5AAB-E871-44BF-801D-81A46A9DB3CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB74FE7C-7077-44A8-94CC-3BFFDDA2642D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F5E9F69A-D37F-4711-BB5D-FEAB7D7924A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE1FF98E-D831-4F3E-9D3B-681BB8F40DBD}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047E5B89-3512-4201-8A35-AF9389F6F6D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AD82EA0-E7CD-438F-9017-76981937F280}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{0B8CDA0B-AE30-4728-BFA5-69CE89A3C100}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{12336DDC-A5B4-44A4-B9F4-8C4EF948A15D}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{167C3DA6-3A58-47FB-9687-DECA45E45094}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E93EF3A-58AE-448B-B363-41880016DEB4}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{23C0E037-089C-457A-B29F-4342C5B9AAAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3533B3FD-1A73-4A19-A4AC-689F4FEEFC97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3629EEBC-8CD8-4A84-8570-2D84D260E2A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{37235AF0-28F1-43B6-914A-F2B28DD7F840}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DCB3BEF-009F-45A2-95FC-357443718218}" = protocol=1 | dir=in | [email protected],-28543 |
"{3FAB4546-8F9E-44D4-BE34-C61FECD3EC63}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{43BCCB62-FBB8-4239-8ACD-7BF640FAADDB}" = protocol=1 | dir=out | [email protected],-28544 |
"{4E15DE80-7B73-44DE-B6D0-E59F0F58DD24}" = protocol=6 | dir=out | app=system |
"{5797B865-ACD4-4D41-ADFE-1217108E7E16}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{6AB67E60-1170-4B29-8040-91C7F3C55031}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B12CAEA-19D2-4576-8457-8F2B827049B2}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{6E2A430E-41B8-4970-9896-E5137A06EF68}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{712B4470-6274-49B9-8470-48D57CDFFBA2}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{7CBFD692-3E6B-49CE-AAA3-B1757AFFDFEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89E11061-6969-4136-9DA0-3E7590549EBD}" = protocol=58 | dir=out | [email protected],-28546 |
"{8AE4AEBB-8645-49E9-ABFF-98BB7BE36111}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F43329C-8917-47A3-955C-979ACF3D177E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91E62CC8-AD18-476D-A184-898E90F5C895}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{9531FB9A-EB17-4A57-9721-CADACFC835D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1B7CAB1-6861-4557-AB6F-1967202A07C7}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{A933B719-3696-4485-BA3A-1BD563190035}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B4BD5E72-E048-485A-A8AF-C4FA5D4CA871}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B4E66228-5114-4502-ABD1-4FF06A25013D}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{BB0AE2D0-342B-4C14-93DB-00541D5898B4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BB72DCC6-D461-47D2-9D47-AF4CE9E4F929}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF65F25F-0AD6-4052-89E1-0AFE79CFABDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD16C9FA-1A10-4780-A08F-35B4DA22E5A7}" = protocol=58 | dir=in | [email protected],-28545 |
"{D1894ECE-44F5-46F0-9D9D-901C764DC412}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{D6850EF6-9310-4FAC-8EE6-3B2CAF878D4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E5634C2D-A6EB-49BD-B75B-4A97B61E11DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8C811E2-43DD-40CE-AF79-9FC3F1BE4176}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{FB08E2ED-8099-48A1-BE06-C0B3AE6D1B33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{90630A9B-B270-40CA-91FF-80FE49CE34AE}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{97C67374-278F-45F4-885F-16552899B682}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{CF160A68-DC00-4F5A-BF6C-36227B098414}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{0FA62859-33DE-4CD0-A856-F4E4E129E87F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{611A6C44-E6AF-4299-8E0F-2BA1A3BE8192}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{C1EEBF97-696A-4051-AE9B-F27D773EDBB0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D2CAE5D-FFCF-4D97-B7D6-F1AB49A00EEA}" = Coby Media Manager
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CAC2CF93-B532-4A88-81FE-110750C3E4BA}" = Verizon Wireless USB760 Firmware Updates
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DDA3A044-F6AE-442F-9ED5-E212618A93B9}" = Motorola Device Software Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F1A6A09F-5FF3-4648-B293-CDF044348A24}" = LeapFrog My Pals Plugin
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponAlert_2pbar Uninstall" = CouponAlert Toolbar
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Laptop Logbook" = Laptop Logbook
"LTCM Client" = LTCM Client
"McAfee Security Scan" = McAfee Security Scan Plus
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"UPCShell" = LeapFrog Connect
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT087335" = Build-a-lot 2
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WTA-0249587c-0ecb-4a90-91fc-e515b9e87e1f" = Rescue Frenzy
"WTA-04302eda-c523-4de8-a582-d3867ffb90c3" = Rescue Team Bundle
"WTA-067e3426-3fba-4964-9ad1-dce86361f2be" = Posh Boutique
"WTA-0c908274-48e7-4cb5-a9ba-8ea6acbe943f" = Gardens Inc: From Rakes to Riches
"WTA-0f59f367-48c1-4e1b-9d71-191ee88cdaa1" = Northern Tale
"WTA-0f6e68d4-b5c6-45d7-b960-0c5e370ae292" = Farm Mania
"WTA-135082d5-8529-4987-9478-c9f807ebaa7e" = Jewel Match 3
"WTA-13eb24f9-228c-4aa0-834c-348cdd180e38" = Tropical Fish Shop 2
"WTA-15fe1d17-770c-49ff-b405-b5b3eaaf0b66" = Frozen Kingdom
"WTA-19deda72-a878-4d8c-be97-6dc63947dc77" = The Promised Land
"WTA-1a443342-51a5-49f7-8387-64f1bee01936" = Farm Craft
"WTA-1c376839-7285-469e-9234-00f10f9e05ef" = Farm Frenzy 3 - American Pie
"WTA-1ce2ac21-ae40-4737-8732-ceaf9a1acc4f" = Legends of Atlantis: Exodus
"WTA-209a79fc-35d9-4442-8b28-255dda06e949" = The Golden Years: Way Out West
"WTA-27ab456d-3795-4671-afcc-b01362cf789e" = Ranch Rush 2 - Premium Edition
"WTA-28ab7c13-e323-4322-987a-42455c65b6eb" = Classic Fishdom 2 in 1 Pack
"WTA-2acd255a-a6e1-49de-bac5-1df22936c5e1" = Dream Day Wedding 2 - Married in Manhattan
"WTA-30a15c69-46ff-4a10-8be2-ca7b166602b7" = Boutique Boulevard
"WTA-314e7f84-4206-454f-9807-5b992dda3d77" = Monument Builders: Titanic
"WTA-336048be-2781-4bac-8c05-1f2650b63921" = Dream Day Wedding
"WTA-364918b5-a7c9-4b84-9427-837a641521bd" = Roads of Rome 2
"WTA-38fa73d2-b8ca-4490-a672-5d30eae5c66d" = Farm Frenzy 3 - Ice Age
"WTA-3abe7650-6154-445f-9734-184a1b0502f9" = Jewel Craft
"WTA-3b19240a-a5ce-4869-b23b-6161313aea35" = Delicious: Emily's True Love Premium Edition
"WTA-3bd503e9-43d7-43c3-9bf9-4a01304c3495" = Royal Envoy 2 Collector's Edition
"WTA-3ec9f8fb-9d9b-48f3-9c79-47f49304aabb" = Royal Envoy
"WTA-429b82e2-84ba-4315-a0b9-17c8b28f7c49" = Dream Day First Home
"WTA-44f80363-46e9-4fb0-a280-28782d3bed57" = Vacation Quest™ - Australia
"WTA-4552118e-e364-4288-985b-50e332682c00" = My Kingdom for the Princess
"WTA-49ae0c5d-636e-48cb-b942-116eaf93f626" = My Kingdom for the Princess 2
"WTA-4d072aba-ffda-4830-8822-daf6f44612e8" = Gardenscapes
"WTA-4ebb3c35-b084-4e05-aa1d-8426ce6f0296" = Big Kahuna Reef 2
"WTA-512d2b02-4050-4ca2-a0e6-59acf800bd86" = Green City
"WTA-54cdea03-aabf-4f6a-8de6-46eced89f27e" = Sally's Salon
"WTA-57be47da-7fb2-4d79-8ca7-82374fa59bc8" = Dream Day Wedding - Bella Italia
"WTA-5a4b62e8-bf62-4e32-b8f9-b583e6c3c8c5" = Build-a-Lot - The Elizabethan Era
"WTA-5ba7e2ad-fa2a-4baf-9ab7-946c4ed46a01" = Kelly Green - Garden Queen
"WTA-5c2cd08e-ef67-46c5-9214-fd626d6390bb" = My Kingdom for the Princess 3
"WTA-613fa4e7-18f6-4e90-bc4a-f78d4b16b6e5" = Roads of Rome
"WTA-64b70078-d73d-43e4-bde6-6c1f64cd829b" = Big City Adventures Paris
"WTA-6660b401-a358-4930-bcdc-05da40a9f24f" = Farm Frenzy 3
"WTA-66c20936-c74a-4ecc-968d-0aa8fca9a5ae" = Monopoly®
"WTA-67752d15-4332-4119-887a-d4a558a1de0c" = Be a King: Golden Empire
"WTA-69258e38-0f57-4186-98d3-a2347a61fa6b" = Katy and Bob: Way Back Home
"WTA-6b31f4a1-99bb-463e-b203-22cf6dc35957" = Paradise Pet Salon
"WTA-6c1139a8-1291-40c6-bb3f-c19ce5983387" = Wild West Story: The Beginnings
"WTA-6ca82f5d-1138-4bdd-a2a1-55a6660ea3db" = Hello Venice
"WTA-6d3317e6-f313-4574-be9f-13182e5409fe" = My Farm Life
"WTA-6e7aa441-0ba5-4192-9dcc-7df1b27f8d0a" = Big City Adventure: London Story
"WTA-75b14742-263a-432f-82f9-32c10546cbc0" = Criminal Minds
"WTA-7b98b7bf-e591-4b30-b070-d8d5b05f45ad" = Titanic's Keys to the Past
"WTA-7df9a5bc-0b7e-4447-bd66-722ef4d026ea" = Special Enquiry Detail: Engaged to Kill
"WTA-7f638b31-f3d8-4d79-9c72-9e93f25d2cc9" = Heroes of Hellas 3: Athens
"WTA-805a653f-6d83-4632-91ab-7d938022b0b2" = Luxor HD
"WTA-8236ab00-894d-4950-ab6a-1741813c9b63" = Farm Frenzy 3 - Russian Roulette
"WTA-82bf32b8-9323-4e66-a276-8006180b7158" = Babylonia
"WTA-832f3b12-d687-4cdc-8be2-03484a9afffc" = Jo's Dream: Organic Coffee
"WTA-8353c62c-5175-4bf1-aabd-6de47bd4dac6" = Rachel's Retreat
"WTA-852775a3-7c00-4300-b603-74b72ea430bb" = 7 Wonders: Magical Mystery Tour
"WTA-85e82d9d-434f-44c9-9435-170256a2a338" = Gardenscapes: Mansion Makeover
"WTA-861c7548-cec0-44af-bd2e-50f0092c0960" = LUXOR 5th Passage
"WTA-866974ce-07d9-4bd2-aa00-f55a3074b9de" = Build-a-lot 3
"WTA-88f8e599-18ec-474a-8935-a858e04fffc1" = Mahjong Royal Towers
"WTA-8d1f527f-90fd-4bad-b4ec-390ecffcaaf8" = Hotel Giant 2
"WTA-8df2910b-df98-428d-8ff9-d3402ccc40f6" = Youda Farmer 3: Seasons
"WTA-8ee6b0f3-4356-4e38-9a5a-907548ccc0c6" = New Yankee in King Arthur's Court 2
"WTA-967c7031-ac1d-4255-b482-0815898ba356" = Women's Murder Club - Death in Scarlet
"WTA-96a1bb9c-a3c3-48da-b2be-d43b70c04eed" = Posh Boutique 2
"WTA-99335430-d94b-4e7b-aadd-db0ebbddc681" = Barn Yarn Collector's Edition
"WTA-9a4bfe51-d5e0-481e-b45b-3ab1fef3817c" = Call of Atlantis
"WTA-9b5c3c91-a58a-4c13-bf4e-7523a08f5dfe" = Alice Greenfingers 2
"WTA-9bed153d-ea93-4b8f-b841-d9f506aafbcb" = Family Farm
"WTA-a1b82859-599b-404b-879b-5ea7bd31c02f" = Shopping Blocks
"WTA-a2f30027-ba85-4cd2-8827-35c3cced5c44" = Farm Frenzy: Ancient Rome
"WTA-a701905c-688e-47a3-9376-e5a0b350bce0" = Heroes of Hellas
"WTA-a770f091-9475-44b6-9e66-33a1c9bdc298" = Build-a-lot 4 - Power Source
"WTA-ab5e42db-5f23-42bc-bd48-49e2cccf290c" = Strike Solitiare
"WTA-b175a937-7038-4816-938f-48c85e2507a6" = Build-a-lot Fairy Tales
"WTA-b60724de-0697-4069-b090-ff6be722ceaf" = Hobby Farm
"WTA-b9e2dab9-ec9b-4e0a-b0f6-f3e297e7ef73" = Farm Frenzy
"WTA-baf7a8ae-5e67-4e1a-b0ff-5441db78851b" = My Farm Life Bundle
"WTA-bd33698a-a7cd-42e6-af7f-47950e467995" = Wedding Salon
"WTA-c4a277d5-14fe-4c80-bd0f-f500de6dd456" = Big Kahuna Reef 3
"WTA-c62a85f7-b4bb-4062-93f1-78156a530abc" = My Farm Life 2
"WTA-c7d0205b-0346-46bf-a911-1c77845966ae" = Youda Time Management Pack
"WTA-c8d1f611-1ae1-4162-9e0d-d05be03c85fa" = Jane's Hotel Mania
"WTA-cf45e069-aa51-41e7-8cbf-df296ae30d60" = Rainbow Web 2
"WTA-cfa4a16e-81ec-4380-aed2-0cff6cc15d93" = Crop Busters
"WTA-cff9d68b-7612-472f-8302-63c1c5787ec9" = Farm Frenzy 3 - Madagascar
"WTA-d02b6ed6-748a-46f1-b24b-609e85869692" = Monument Builders: Eiffel Tower™
"WTA-d055a34f-7673-4c38-b853-5cd4dac2d37e" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-d11f39e2-1e4e-4834-bdb5-bf5582a96c6d" = Fishdom 3: Collector's Edition
"WTA-d14a2bfa-64c3-4bcd-b86b-2bcc56dd493d" = New Yankee in King Arthur's Court
"WTA-d1ee7b4c-000d-4ae4-bb4f-793ee28136aa" = Tales of Lagoona
"WTA-d2616ea0-9cf6-49c8-bf99-35af2eaa4403" = The Lost Kingdom Prophecy
"WTA-d4133773-47fe-4aae-a587-63e230a02406" = Farm Mania: Hot Vacation
"WTA-d5ed1881-6499-45c8-b47b-9d46744c3e5e" = Youda Jewel Shop
"WTA-d663dcbf-d628-4ff4-beff-658f84b53c94" = Build-a-lot: On Vacation
"WTA-d8d11672-3b87-4201-be23-4c6427391d34" = FarmQuest
"WTA-d9812cec-2db2-4004-bc6d-96db96582cee" = Paradise Beach 2
"WTA-da067018-4035-4150-a133-0e4519e58c0e" = Adelantado Trilogy Book One
"WTA-e17539d6-c1a0-4e7d-aee3-23245fa7c825" = Farm Mania 2
"WTA-e345ec48-637c-4e67-9023-6ee24c020480" = Fishdom H2O - Hidden Odyssey
"WTA-e56dfc5f-0e7a-4995-b46f-1d52e8dbaa79" = Westward III - Gold Rush
"WTA-e7757849-3505-495f-9bf7-2701ad0b0993" = The Timebuilders: Pyramid Rising
"WTA-e81cd7fa-1c2b-448b-aea4-aa00a52aee37" = Farm Frenzy: Gone Fishing
"WTA-ef863411-62b0-42fd-84ab-38b7d99f145a" = Farm Frenzy 2
"WTA-f0405c01-5382-40c5-b0c2-c0c671c468df" = Westward IV - All Aboard
"WTA-f28aa1ff-6b95-4d5c-8d32-b46b59a564b3" = Ranch Rush
"WTA-f46aded3-a2e1-47b5-9ce5-7e7973ad9f9c" = Farmington Tales
"WTA-f4b396bc-29b8-4ce4-9c59-04835f106cab" = Roads of Rome 3
"WTA-f4c58cb6-1606-4b81-aac3-5ea54a1c9e7c" = Bejeweled 3
"WTA-f8e0ec9a-6535-44a0-ae78-2b08eb6da127" = Farm Frenzy: Viking Heroes
"WTA-fdb4a486-b1e2-41f4-9f43-181069f1a715" = Westward II - Heroes of the Frontier
"WTA-fdf2ebf3-791d-41c3-a691-a8275539f6e4" = Delicious - Emily's Wonder Wedding Premium Edition
"WTA-fe731e53-4ee9-4fb3-8c48-03dfe1848639" = Dream Day Honeymoon
"WTA-ffbc4646-3265-42db-a413-5646d817a81d" = Lost in Reefs

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2012 10:29:58 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3245

Error - 10/30/2012 10:29:59 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2012 10:29:59 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4384

Error - 10/30/2012 10:29:59 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4384

Error - 10/30/2012 10:30:00 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2012 10:30:00 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5725

Error - 10/30/2012 10:30:00 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5725

Error - 10/30/2012 11:41:08 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/30/2012 11:41:08 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 10/30/2012 11:41:08 PM | Computer Name = Gayles-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

[ Hewlett-Packard Events ]
Error - 9/7/2012 6:03:01 PM | Computer Name = Gayles-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization: TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 9/7/2012 6:03:14 PM | Computer Name = Gayles-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/7/2012 6:03:15 PM | Computer Name = Gayles-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/5/2012 6:23:22 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/12/2012 6:17:59 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/20/2012 2:43:24 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/26/2012 5:28:15 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 11/3/2012 1:00:14 PM | Computer Name = Gayles-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 1:00:58 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 11/23/2012 10:29:04 PM | Computer Name = Gayles-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 4/7/2011 6:56:44 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/7/2011 6:56:49 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/7/2011 6:56:55 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/23/2012 2:45:08 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/9/2012 6:16:02 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/28/2012 4:54:57 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/22/2012 7:21:36 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 9/6/2012 9:05:27 AM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/2/2012 9:39:23 AM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/2/2012 7:57:48 PM | Computer Name = Gayles-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Media Center Events ]
Error - 7/11/2012 7:17:26 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 7:17:26 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 7/11/2012 7:17:35 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 7:17:34 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 7/15/2012 1:29:44 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 1:29:05 PM - Error connecting to the internet. 1:29:05 PM - Unable
to contact server..

Error - 7/16/2012 10:11:50 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 10:11:49 PM - Error connecting to the internet. 10:11:50 PM - Unable
to contact server..

Error - 7/16/2012 10:12:45 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 10:12:37 PM - Error connecting to the internet. 10:12:37 PM - Unable
to contact server..

Error - 7/16/2012 11:13:01 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 11:13:01 PM - Error connecting to the internet. 11:13:01 PM - Unable
to contact server..

Error - 7/16/2012 11:13:14 PM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 11:13:06 PM - Error connecting to the internet. 11:13:06 PM - Unable
to contact server..

Error - 7/17/2012 12:13:35 AM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 12:13:35 AM - Error connecting to the internet. 12:13:35 AM - Unable
to contact server..

Error - 7/17/2012 12:13:48 AM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 12:13:41 AM - Error connecting to the internet. 12:13:41 AM - Unable
to contact server..

Error - 7/19/2012 3:22:51 AM | Computer Name = Gayles-HP | Source = MCUpdate | ID = 0
Description = 3:22:46 AM - Error connecting to the internet. 3:22:46 AM - Unable
to contact server..

[ System Events ]
Error - 3/22/2012 9:44:20 AM | Computer Name = Gayles-HP | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 3/26/2012 8:55:27 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/26/2012 8:55:27 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/26/2012 8:55:27 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/26/2012 8:55:56 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/26/2012 8:55:56 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/26/2012 8:55:56 AM | Computer Name = Gayles-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 3/31/2012 1:07:33 AM | Computer Name = Gayles-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:04:14 AM on ?3/?31/?2012 was unexpected.

Error - 4/6/2012 8:21:54 PM | Computer Name = Gayles-HP | Source = DCOM | ID = 10016
Description =

Error - 4/8/2012 7:49:16 PM | Computer Name = Gayles-HP | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#4
Dakeyras
Posted 15 April 2013 - 04:57 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thank you so much. I understand the delay & overlook. I'm just frustraited that someone could do that. I have done what you told me to do. I hope that I have done it right. Lord knows that I am NOT computer literate when it comes to this. I'm attatching the Extra part that you requested. If this is not right let me know & I will do my best to get the right stuff. I have to say that the Norton forum led me to you all & I'm thankful!

Acknowledged and you're welcome!

I will take into account what you have mentioned and with regard to anything proactive we will do so just a few steps at a time OK. Anyway for now just answer my two questions below and we will then go from there, thank you.

1 - Have you ever used either Charter Communications or Eli Lilly and Company as a form of ISP ?

2 - Can you confirm for myself that your current ISP in use is Verizon(Cellco Partnership) based ?
  • 0

#5
BaeWells
Posted 15 April 2013 - 04:48 PM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I use Charter communication at home. When on the road I have Verizon broadband. That one I will be discontinuing to use the data off my phone that is verizon.
  • 0

#6
Dakeyras
Posted 16 April 2013 - 02:58 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I use Charter communication at home. When on the road I have Verizon broadband. That one I will be discontinuing to use the data off my phone that is verizon.

Thank you for the clarification, lets proceed as follows shall we...

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

CouponAlert Toolbar <-- Has undesirable characteristics.

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2012/04/17 19:14:49 | 000,000,000 | ---D | M]
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: DhcpNameServer = 40.5.1.100
O32 - AutoRun File - [2008/08/21 03:39:48 | 000,000,074 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\Shell\AutoRun\command - "" = G:\VerizonSWUpgradeAssistantLauncher.exe
O33 - MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe -- [2009/09/13 23:13:58 | 002,320,432 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\Shell - "" = AutoRun
O33 - MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
[2013/03/22 15:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Local\{7012C488-FECA-484A-A918-4691D06F08BF}
[2013/03/21 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Gayle's\AppData\Local\{596229F7-5A7E-4FA4-9D3B-DDF637458BA2}

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c
C:\Program Files (x86)\CouponAlert_2p

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLTarget\P0000000000000000"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

  • Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#7
BaeWells
Posted 16 April 2013 - 02:07 PM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello :-)
Here is the Malwarebytes Anti-Malware Log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.16.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gayle's :: GAYLES-HP [administrator]

4/16/2013 3:54:18 PM
mbam-log-2013-04-16 (15-54-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246131
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
BaeWells
Posted 16 April 2013 - 02:20 PM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the OTL Log I believe this is the right scrip you are requesting. The only problem that I ran into when running the Run Fix was, "Cannot Create file C\Users\Gayle's\Downloads\Cmd.bat. Then it stopped & I started over & it went thru that time. So far everything is running great!! The start up is faster surfing is faster. Thank you So much for your help!

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A4F028F-153B-43C9-8D9F-8B0984CF0DF9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}\ not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3462c343-be19-4143-af70-cefb56f46fc6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6}\ not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Search Scope Monitor not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponAlert_2p Browser Plugin Loader not found.
File C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}\\DhcpNameServer| /E : value set successfully!
File G:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181bcab2-8213-11e2-86a0-60eb696624e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181bcab2-8213-11e2-86a0-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181bcab2-8213-11e2-86a0-60eb696624e4}\ not found.
File G:\VerizonSWUpgradeAssistantLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454a46d6-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454a46d6-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454a46d6-616d-11e0-98ba-60eb696624e4}\ not found.
File F:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454a47af-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454a47af-616d-11e0-98ba-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454a47af-616d-11e0-98ba-60eb696624e4}\ not found.
File G:\VZAccess_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d06379a7-8da0-11e2-a09c-60eb696624e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d06379a7-8da0-11e2-a09c-60eb696624e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d06379a7-8da0-11e2-a09c-60eb696624e4}\ not found.
File G:\MotoCastSetup.exe -a not found.
Folder C:\Users\Gayle's\AppData\Local\{7012C488-FECA-484A-A918-4691D06F08BF}\ not found.
Folder C:\Users\Gayle's\AppData\Local\{596229F7-5A7E-4FA4-9D3B-DDF637458BA2}\ not found.
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d9b9:2d18:7427:e16e%11
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{C05AD519-926E-46DA-A286-D6B3A0E85834}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:4f7:3492:e760:6e0c
Link-local IPv6 Address . . . . . : fe80::4f7:3492:e760:6e0c%14
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{C17FEB1B-D56F-48F3-B5FA-046BD2A49041}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d9b9:2d18:7427:e16e%11
IPv4 Address. . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{C05AD519-926E-46DA-A286-D6B3A0E85834}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:4f7:3492:e760:6e0c
Link-local IPv6 Address . . . . . : fe80::4f7:3492:e760:6e0c%14
Default Gateway . . . . . . . . . : ::
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Gayle's\Downloads\cmd.bat deleted successfully.
C:\Users\Gayle's\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PLTarget\P0000000000000000 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.Gayles-HP
->Temp folder emptied: 143375 bytes
->Temporary Internet Files folder emptied: 1595060 bytes
->Flash cache emptied: 562 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gayle's
->Temp folder emptied: 64437024 bytes
->Temporary Internet Files folder emptied: 141915717 bytes
->Java cache emptied: 13045 bytes
->Apple Safari cache emptied: 9166848 bytes
->Flash cache emptied: 101372 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 164204 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2181310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 194375473 bytes

Total Files Cleaned = 395.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04162013_145743

Files\Folders moved on Reboot...
File move failed. C:\Users\Gayle's\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Gayle's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.
C:\Users\Gayle's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#9
Dakeyras
Posted 17 April 2013 - 02:41 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

So far everything is running great!! The start up is faster surfing is faster. Thank you So much for your help!

Good and you're welcome!

The only problem that I ran into when running the Run Fix was, "Cannot Create file C\Users\Gayle's\Downloads\Cmd.bat. Then it stopped & I started over & it went thru that time

Acknowledged...I see then the executable for OTL is in your Download folder still and that may account for the problem.

Easy way to move it to the desktop, go to your Downloads folder and open it:-

Click on Start(Windows 7 Orb) >> Gayle >> Downloads >> click once on OTL.exe with your left mouse key and keep it depressed >> drag it out of the Downloads window onto the Desktop and release the mouse key.

Now lets set your download location to the actual Desktop:-

  • Launch/start Internet Explorer >> click on the Gear icon in the upper left hand corner of the window >> View downloads
  • In the View Downloads - Windows Internet Explorer window that has now appeared >> click on Options
  • Now in the Download Options window that has now appeared >> click on the Browse... tab >>
  • The Select a default destination folder for your downloads window should now have appeared >> click on Desktop >> Select Folder >> OK >> Close
Note: When I give the all clear you may reset the download location for the browser back to the default/downloads folder if you so wish.

Next:

Let myself know when completed the above and we will then go from there, thank you.
  • 0

#10
BaeWells
Posted 17 April 2013 - 10:15 AM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Good Afternoon! The next step is done. But, the only thing when I go to the options, the window that comes up says default location is downloads. When I hit the browse key, it will not let me choose the destination. It just opens another window with all the downloads. I have tried erasing the downloads in the text window & it will not alow me to deleate.
  • 0

Advertisements

#11
Dakeyras
Posted 17 April 2013 - 01:47 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

The next step is done.

Good.

But, the only thing when I go to the options, the window that comes up says default location is downloads. When I hit the browse key, it will not let me choose the destination. It just opens another window with all the downloads. I have tried erasing the downloads in the text window & it will not alow me to deleate.

Hmmm something is not quite right then and what I advised is quite similar to the advice here. Feasible their may be a problem with IE itself...OK we can come back to this in due course and for now continue the malware removal process as follows...

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop if able, if not the downloads folder will suffice for now.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> follow the prompts and reboot(restart) your machine if not advised to do so.
  • Please post the contents of the log file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like S1.

Scan with aswMBR:

Please download aswMBR.exe to your desktop if able, if not the downloads folder will suffice for now again etc.

  • Right-click the aswMBR.exe nd select Run as Administrator to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes
  • Now click on the Scan button...
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop(or downloads folder if you had ro run from there) named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • AdwCleaner Log.
  • aswMBR Log.

  • 0

#12
BaeWells
Posted 18 April 2013 - 07:02 AM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok I have done the Awdcleaner Here is the result of that scan.

# AdwCleaner v2.200 - Logfile created 04/18/2013 at 08:52:07
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gayle's - GAYLES-HP
# Boot Mode : Normal
# Running from : C:\Users\Gayle's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q85BJLA\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [3777 octets] - [18/04/2013 08:52:07]

########## EOF - C:\AdwCleaner[S1].txt - [3837 octets] ##########
  • 0

#13
BaeWells
Posted 18 April 2013 - 07:29 AM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry about the order of the reply! I was distracted while doing these. The computer seems to be doing great now. The start up is a little faster than usual. The kids said that the games don't freeze up on them. Thank you for your continued help. I realy appriciate it. Also here is the results of the last scan, the aswMBR.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-18 09:04:49
-----------------------------
09:04:49.089 OS Version: Windows x64 6.1.7601 Service Pack 1
09:04:49.089 Number of processors: 2 586 0x603
09:04:49.089 ComputerName: GAYLES-HP UserName: Gayle's
09:04:55.080 Initialize success
09:07:02.630 AVAST engine defs: 13041800
09:07:33.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
09:07:33.441 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 11
09:07:33.597 Disk 0 MBR read successfully
09:07:33.597 Disk 0 MBR scan
09:07:33.612 Disk 0 unknown MBR code
09:07:33.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:07:33.643 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288238 MB offset 409600
09:07:33.675 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16703 MB offset 590721024
09:07:33.706 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
09:07:33.753 Disk 0 scanning C:\Windows\system32\drivers
09:07:53.831 Service scanning
09:08:33.210 Modules scanning
09:08:33.226 Disk 0 trace - called modules:
09:08:33.756 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
09:08:33.772 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031c5330]
09:08:33.788 3 CLASSPNP.SYS[fffff88001b1b43f] -> nt!IofCallDriver -> [0xfffffa800316b040]
09:08:33.788 5 amdxata.sys[fffff880010917a8] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8003165060]
09:08:35.379 AVAST engine scan C:\Windows
09:08:39.544 AVAST engine scan C:\Windows\system32
09:14:01.414 AVAST engine scan C:\Windows\system32\drivers
09:14:31.104 AVAST engine scan C:\Users\Gayle's
09:23:26.841 Disk 0 MBR has been saved successfully to "C:\Users\Gayle's\Documents\MBR.dat"
09:23:26.856 The log file has been saved successfully to "C:\Users\Gayle's\Documents\aswMBR.txt"
  • 0

#14
Dakeyras
Posted 19 April 2013 - 02:53 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Sorry about the order of the reply!

Not a problem and my apologies also for the delay...

The computer seems to be doing great now. The start up is a little faster than usual. The kids said that the games don't freeze up on them. Thank you for your continued help. I realy appriciate it.

Good and you're welcome!

I was distracted while doing these.

Fair play and this probably accounts for the somewhat unusual locations you downloaded to/ran from etc:-

C:\Users\Gayle's\Documents\aswMBR.exe

C:\Users\Gayle's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q85BJLA\AdwCleaner.exe

Anyway no harm leaving them where they are...aswMBR you will have to manually delete etc. AdwCleaner will go when temp' files are flushed again but you will have to manually delete the log created by it. You can remove both when I give the all clear or now if you so wish, either is absolutely fine.

Next:

Let check/update some software as follows shall we...

  • Download and install FileHippo Update Checker from here.
  • Once installed(during the installation process deselect the option:- Run at Startup >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
  • Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.
  • Re-install the updated software, delete the installers.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on your desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

Next:

When completed the above let myself know and if any further issues remaining, thank you.
  • 0

#15
BaeWells
Posted 19 April 2013 - 12:22 PM

BaeWells

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Well so far so good. The start up was a little slow but then, we rebooted the computer & it started back up faster that time. Also, it doesn't take as long on the surfing. Thank you. Now do I keep all the downloads to the desktop that you had me do? Besides the TFC shortcut that I run once per week, do I run any of the other ones at anytime? Again Thank you for your help with this!! You are a life saver! :thumbsup:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP