Computer may be infected with Trojan.Rootkit-IM and Trojan.Hacked-Dow


  • This topic is locked

#1
Mark Green

  • Member
  • 55 posts
Hello,
I just recently had a tab pop-up stating WARNING: VIRUS CHECK (from http://www.cleanerfa...pport/index.php). On the page is the following:

"WARNING: THREAT MAY HAVE INFECTED YOUR COMPUTER WITH A VIRUS
System May Currently Be Infected. (2) Viruses known: Trojan.Rootkit-IM and Trojan.Hacked-Download. Your Personal Information MAY BE AT RISK! Get Help Immediately To Remove Viruses, Call Tech Support Now: 1-855-576-9704 Toll-FREE Support Line)"

I am not sure if this is spam or a hoax. I ran Norton and that didn't find any viruses. Below is the OTL scan. Thanks for any help you can provide.

OTL logfile created on: 2/4/2014 3:25:28 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.36% Memory free
16.00 Gb Paging File | 12.69 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.95 Gb Total Space | 836.32 Gb Free Space | 91.01% Space Free | Partition Type: NTFS
Drive D: | 12.46 Gb Total Space | 1.53 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

Computer Name: MARK-HP | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/04 15:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2013/12/11 11:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/12/11 11:57:22 | 004,383,296 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/10/18 13:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/05/25 09:50:22 | 000,107,520 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/04/07 03:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2013/04/07 03:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2013/01/30 08:55:18 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
PRC - [2012/07/25 07:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2011/08/11 07:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/12 18:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 15:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/20 19:31:52 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2013/12/11 11:57:28 | 000,549,272 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/10/11 21:59:02 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/11 21:58:36 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/11 21:58:26 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/11 21:58:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/11 17:31:52 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/11 17:31:52 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/11 17:31:50 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/11 17:31:50 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/11 17:31:48 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/11 17:31:33 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/11 17:30:24 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/11 17:30:23 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/11 17:30:21 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f58dc6b661c4fb91c68945da9b701135\System.Xml.Linq.ni.dll
MOD - [2013/10/11 15:16:47 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/11 15:16:46 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/11 15:16:38 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/11 15:16:34 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/11 15:16:28 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/11 15:16:26 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/11 15:16:23 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/09/12 19:17:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 06:31:30 | 001,886,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\a663d90e414cd4eff1259951592f66c4\System.Web.Services.ni.dll
MOD - [2013/08/16 06:31:26 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/16 06:30:53 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/16 06:29:09 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/16 06:29:06 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/16 06:29:01 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/16 06:26:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/16 05:54:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/16 05:53:41 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/16 05:53:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/15 19:40:14 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/15 19:40:06 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 19:39:55 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 19:39:52 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/12 06:24:10 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll
MOD - [2013/07/11 15:55:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 15:54:48 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 17:55:27 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 17:55:26 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/04 17:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2013/05/27 22:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2013/05/14 18:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2013/05/13 21:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2013/05/09 19:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2013/04/27 22:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2013/04/07 03:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2013/04/07 03:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2013/03/27 00:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2013/03/27 00:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2013/03/27 00:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2013/03/27 00:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2013/03/27 00:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2013/03/27 00:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2013/03/27 00:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2013/03/27 00:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2013/03/27 00:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2013/03/27 00:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2013/03/27 00:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2013/03/27 00:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2013/03/26 18:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2013/03/26 18:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2013/03/26 18:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2013/03/26 18:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2013/03/26 18:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2013/02/18 22:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2013/02/18 22:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2013/02/18 22:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2013/02/18 22:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2013/02/18 22:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2013/02/18 22:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2013/02/18 22:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2013/02/18 22:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2013/02/18 22:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2013/01/30 08:55:14 | 000,088,704 | ---- | M] () -- C:\Program Files (x86)\xfin_portal\comcastdx.dll
MOD - [2012/11/29 01:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/11 07:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 07:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 07:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 07:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 07:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 17:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/13 14:44:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/01 17:06:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/04 14:55:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 11:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/18 13:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/05/25 09:50:22 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/04/07 03:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2012/07/25 07:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/12 18:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 15:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/18 18:07:10 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/12/03 17:15:39 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 19:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 18:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 18:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 19:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 18:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 18:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 17:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/06/25 18:27:44 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 11:46:42 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/24 04:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 04:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2011/06/01 17:06:42 | 009,078,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/01 17:06:42 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/07 15:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/18 20:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/20 15:08:03 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140203.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/18 02:34:45 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\ex64.sys -- (NAVEX15)
DRV - [2013/12/18 02:34:45 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\eng64.sys -- (NAVENG)
DRV - [2013/12/17 16:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/03 08:59:50 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/03 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DCC3CB87-B008-4975-A035-F1531AAD469E}
IE:64bit: - HKLM\..\SearchScopes\{281558A3-8AA0-412C-96C9-6598009A7FAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6605844B-7573-459F-A880-48AB3B659809}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCC3CB87-B008-4975-A035-F1531AAD469E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15}
IE - HKLM\..\SearchScopes\{281558A3-8AA0-412C-96C9-6598009A7FAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{6605844B-7573-459F-A880-48AB3B659809}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKLM\..\SearchScopes\{DCC3CB87-B008-4975-A035-F1531AAD469E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{26F5EF70-17F7-4414-9FEF-66B229BF304B}: "URL" = http://us.yhs4.searc...0521,0,0,6,7635
IE - HKCU\..\SearchScopes\{281558A3-8AA0-412C-96C9-6598009A7FAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.xfinit...q={searchTerms}
IE - HKCU\..\SearchScopes\{5C072A34-D129-32BD-D2E0-69B2EBD20454}: "URL" = http://www.bing.com/...013&form=ZGAIDF
IE - HKCU\..\SearchScopes\{63D37083-5D32-47A8-A7D0-28677FEE98EF}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{6605844B-7573-459F-A880-48AB3B659809}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKCU\..\SearchScopes\{A4DD9A60-DFDD-4411-B214-4CA2D0818434}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15}: "URL" = http://search.condui...UM=2&SSPV=TB_C5
IE - HKCU\..\SearchScopes\{DCC3CB87-B008-4975-A035-F1531AAD469E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{E73C63EC-225D-44FA-8B15-9AE912214F14}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Xfinity.com Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.n...d=tbid12042013"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.41
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.02
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {4b9bcce8-a70b-402a-a7e1-db96831ee26f}:4.0.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:12.0.4.5 - 1
FF - prefs.js..keyword.URL: "http://search.condui...107920&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mark\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 14:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/31 15:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/05/25 09:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/18 17:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/02/04 13:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/18 16:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/18 16:51:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/31 15:24:14 | 000,000,000 | ---D | M]

[2011/03/01 18:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2013/12/23 17:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions
[2013/12/18 17:48:15 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2013/12/18 19:34:03 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/12/18 19:33:52 | 000,000,000 | ---D | M] (Default Tab) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\[email protected]
[2013/12/18 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\[email protected]
[2013/12/18 19:34:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\[email protected]
[2011/04/16 13:51:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\extensions\[email protected]
[2011/05/22 10:56:19 | 000,001,919 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\bing-zugo.xml
[2013/12/25 17:20:09 | 000,000,855 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\conduit-search.xml
[2013/12/18 18:20:22 | 000,001,997 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\search.xml
[2013/12/13 17:32:21 | 000,001,102 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\whitesmoke-new-customized-web-search.xml
[2013/05/25 09:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 09:51:08 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/18 17:48:08 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
[2013/01/30 08:55:08 | 000,003,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.comcast.n...id=tbid12042013
CHR - homepage: http://www.comcast.n...id=tbid12042013
CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.1.0_0\
CHR - Extension: AT_Porsche = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [iLivid] "C:\Users\Mark\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{396A362A-5949-4F48-B96E-BC1429B40A49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{396A362A-5949-4F48-B96E-BC1429B40A49}: NameServer = 75.75.75.75,75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629267CE-1DC1-4075-A850-A479B7DAA0C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629267CE-1DC1-4075-A850-A479B7DAA0C3}: NameServer = 75.75.75.75,75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/04 15:16:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2014/01/20 19:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/01/16 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2014/01/16 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2014/01/16 19:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/04 15:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/04 15:26:22 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA.job
[2014/02/04 15:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2014/02/04 14:55:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/04 13:56:05 | 000,654,021 | ---- | M] () -- C:\Users\Mark\Documents\legacy_com_obituaries_utsandiego_obituary_aspx.pdf
[2014/02/04 13:51:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 13:51:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 13:40:10 | 000,000,258 | RHS- | M] () -- C:\Users\Mark\ntuser.pol
[2014/02/04 13:39:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/04 13:39:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/04 13:39:32 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 19:32:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMark.job
[2014/02/01 09:58:06 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/01 09:58:06 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/01 09:58:06 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/29 17:29:48 | 000,002,366 | ---- | M] () -- C:\Users\Mark\Desktop\Google Chrome.lnk
[2014/01/26 16:26:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core.job
[2014/01/15 17:34:55 | 000,426,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/04 13:56:05 | 000,654,021 | ---- | C] () -- C:\Users\Mark\Documents\legacy_com_obituaries_utsandiego_obituary_aspx.pdf
[2013/08/02 11:12:23 | 000,000,017 | ---- | C] () -- C:\Users\Mark\AppData\Local\resmon.resmoncfg
[2013/05/25 09:50:27 | 000,000,258 | RHS- | C] () -- C:\Users\Mark\ntuser.pol
[2012/12/31 15:20:42 | 000,222,855 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/12/31 15:20:42 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/25 09:50:22 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DefaultTab
[2014/02/04 13:42:47 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ID Vault
[2010/12/03 12:15:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PictureMover
[2013/08/02 10:54:22 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TeamViewer
[2011/12/27 09:17:10 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Tific
[2010/12/04 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WinBatch
[2012/10/19 14:58:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Mark Green,

"I am not sure if this is spam or a hoax."


I suppose it could be spam but more likely it's malicious. I would be leaning to malicious with the stuff showing in your machine's browsers.

You do have quite a bit of adware and browser hijack stuff showing in that log.

Before we deal to it let's look a bit further with another tool:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
Mark Green


    Member

  • Topic Starter
  • 55 posts
I have run the Farbar Recovery Scan Tool. The two results are listed below. I am certainly sure there is malicious stuff going on because I am getting my browser hijacked. Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Mark (administrator) on MARK-HP on 04-02-2014 17:22:33
Running from C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDQWV7C0
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
() C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
() C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
(Weather Notifications, LLC) C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(CallingID Ltd.) C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [CommonToolkitTray] - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1497120 2013-07-08] (SPAMfighter ApS)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [Google Update] - C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-17] (Google Inc.)
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [iLivid] - "C:\Users\Mark\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
URLSearchHook: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {6605844B-7573-459F-A880-48AB3B659809} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope {CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {6605844B-7573-459F-A880-48AB3B659809} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.xfinit...q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {26F5EF70-17F7-4414-9FEF-66B229BF304B} URL = http://us.yhs4.searc...0521,0,0,6,7635
SearchScopes: HKCU - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.xfinit...q={searchTerms}
SearchScopes: HKCU - {5C072A34-D129-32BD-D2E0-69B2EBD20454} URL = http://www.bing.com/...013&form=ZGAIDF
SearchScopes: HKCU - {63D37083-5D32-47A8-A7D0-28677FEE98EF} URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {6605844B-7573-459F-A880-48AB3B659809} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/...039&form=ZGAIDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - {A4DD9A60-DFDD-4411-B214-4CA2D0818434} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15} URL = http://search.condui...UM=2&SSPV=TB_C5
SearchScopes: HKCU - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {E73C63EC-225D-44FA-8B15-9AE912214F14} URL = http://www.flickr.co...q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
BHO-x32: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
BHO-x32: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{396A362A-5949-4F48-B96E-BC1429B40A49}: [NameServer]75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{629267CE-1DC1-4075-A850-A479B7DAA0C3}: [NameServer]75.75.75.75,75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\user.js
FF DefaultSearchEngine: WhiteSmoke New Customized Web Search
FF SearchEngineOrder.1: Xfinity.com Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.comcast.net/tt2/?cid=tbid12042013
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22897658343107920&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Mark\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\whitesmoke-new-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml
FF Extension: Default Tab - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: No Name - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: Yontoo - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: Search Toolbar - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2011-04-16]
FF Extension: XFINITY Toolbar - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2013-12-03]
FF Extension: WhiteSmoke New - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [2013-12-18]
FF Extension: LessTabs - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: LessTabs - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-31]

Chrome:
=======
CHR HomePage: hxxp://www.comcast.net/tt2/?cid=tbid12042013
CHR RestoreOnStartup: "hxxp://www.comcast.net/tt2/?cid=tbid12042013",
"hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN20740856992737324&UM=2"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo....p={searchTerms}
CHR Extension: (LessTabs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb [2013-05-25]
CHR Extension: (AT_Porsche) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2010-12-17]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-05-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-05-11]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2013-05-25]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-11]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-10]
CHR StartMenuInternet: Google Chrome - C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-13] (Advanced Micro Devices, Inc.)
R2 DefaultTabUpdate; C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-05-25] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 YNanoService; C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-07-25] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-18] (Zemana Ltd.)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140204.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\ENG64.SYS [126040 2013-12-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\EX64.SYS [2099288 2013-12-18] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-25] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 17:22 - 2014-02-04 17:22 - 00000000 ____D () C:\FRST
2014-02-04 17:05 - 2014-02-04 17:21 - 00000380 _____ () C:\Windows\Tasks\SLOW-PCfighter64-Mark-Startup.job
2014-02-04 17:05 - 2014-02-04 17:14 - 00000382 _____ () C:\Windows\Tasks\SLOW-PCfighter64-Mark-Notification.job
2014-02-04 17:05 - 2014-02-04 17:05 - 00003442 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-Mark-Notification
2014-02-04 17:05 - 2014-02-04 17:05 - 00002756 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-Mark-Startup
2014-02-04 17:05 - 2014-02-04 17:05 - 00002050 _____ () C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Fighters
2014-02-04 17:04 - 2014-02-04 17:23 - 00000000 ____D () C:\Users\Mark\AppData\Local\SevereWeatherAlerts
2014-02-04 17:04 - 2014-02-04 17:17 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\Weather_Notifications,_LL
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files\Fighters
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files (x86)\WebSparkle
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files (x86)\Fighters
2014-02-04 15:16 - 2014-02-04 15:16 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-14 16:52 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 16:52 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 16:52 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 16:35 - 2014-02-04 13:40 - 00003786 _____ () C:\Windows\System32\Tasks\DTReg

==================== One Month Modified Files and Folders =======

2014-02-04 17:23 - 2014-02-04 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\SevereWeatherAlerts
2014-02-04 17:22 - 2014-02-04 17:22 - 00000000 ____D () C:\FRST
2014-02-04 17:21 - 2014-02-04 17:05 - 00000380 _____ () C:\Windows\Tasks\SLOW-PCfighter64-Mark-Startup.job
2014-02-04 17:20 - 2010-11-22 20:33 - 01589730 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 17:17 - 2014-02-04 17:04 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-04 17:16 - 2013-12-03 16:54 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ID Vault
2014-02-04 17:14 - 2014-02-04 17:05 - 00000382 _____ () C:\Windows\Tasks\SLOW-PCfighter64-Mark-Notification.job
2014-02-04 17:14 - 2011-03-05 21:56 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 17:14 - 2010-12-03 12:01 - 00532648 _____ () C:\Windows\PFRO.log
2014-02-04 17:14 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 17:14 - 2009-07-13 20:51 - 00138962 _____ () C:\Windows\setupact.log
2014-02-04 17:05 - 2014-02-04 17:05 - 00003442 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-Mark-Notification
2014-02-04 17:05 - 2014-02-04 17:05 - 00002756 _____ () C:\Windows\System32\Tasks\SLOW-PCfighter64-Mark-Startup
2014-02-04 17:05 - 2014-02-04 17:05 - 00002050 _____ () C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Fighters
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\Weather_Notifications,_LL
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files\Fighters
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files (x86)\WebSparkle
2014-02-04 17:04 - 2014-02-04 17:04 - 00000000 ____D () C:\Program Files (x86)\Fighters
2014-02-04 17:04 - 2010-12-03 12:14 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 16:55 - 2012-04-01 05:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 16:28 - 2011-03-05 21:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 16:26 - 2010-12-17 14:20 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA.job
2014-02-04 16:26 - 2010-12-17 14:20 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core.job
2014-02-04 15:43 - 2011-12-28 07:46 - 00130812 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-02-04 15:16 - 2014-02-04 15:16 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-02-04 14:55 - 2012-04-01 05:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 14:55 - 2012-04-01 05:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 14:55 - 2011-05-18 17:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 14:51 - 2013-12-03 16:53 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-02-04 13:56 - 2010-12-03 12:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\PDFC
2014-02-04 13:51 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 13:51 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 13:40 - 2014-01-14 16:35 - 00003786 _____ () C:\Windows\System32\Tasks\DTReg
2014-02-04 13:40 - 2013-05-25 09:50 - 00000258 __RSH () C:\Users\Mark\ntuser.pol
2014-02-04 13:40 - 2010-12-03 12:05 - 00000000 ____D () C:\Users\Mark
2014-02-01 19:32 - 2011-11-20 16:03 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark
2014-02-01 19:32 - 2011-11-20 16:03 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job
2014-02-01 09:58 - 2009-07-13 21:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 17:31 - 2010-11-22 20:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-01-29 17:29 - 2010-12-17 14:20 - 00002366 _____ () C:\Users\Mark\Desktop\Google Chrome.lnk
2014-01-26 13:10 - 2010-12-15 18:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-01-26 09:52 - 2009-07-13 21:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-23 16:53 - 2012-07-30 15:59 - 00000000 ____D () C:\Users\Mark\Documents\Family Rosters
2014-01-20 19:31 - 2010-11-22 20:31 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-20 19:28 - 2010-11-22 20:33 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-20 19:28 - 2010-06-14 18:07 - 00000000 ____D () C:\swsetup
2014-01-20 07:41 - 2011-11-06 17:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-20 07:41 - 2010-12-05 17:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-20 07:40 - 2010-12-05 17:05 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HP Support Assistant
2014-01-20 07:40 - 2010-12-04 14:12 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HpUpdate
2014-01-18 08:45 - 2013-07-12 12:15 - 00000000 ____D () C:\Users\Mark\AppData\Local\Adobe
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-16 19:18 - 2014-01-16 19:18 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-15 17:34 - 2009-07-13 20:45 - 00426472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-14 19:35 - 2013-08-15 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-14 19:32 - 2010-12-05 19:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\ose00000.exe
C:\Users\Mark\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-24 12:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Mark at 2014-02-04 17:23:47
Running from C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDQWV7C0
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
AMD Problem Report Wizard (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (x32 Version: 1.9.1.105 - CinemaNow, Inc.)
Constant Guard Protection Suite (x32 Version: 1.13.1211.1 - Comcast)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab (x32 Version: 2.2.8.0 - Search Results, LLC) <==== ATTENTION
DefaultTab Chrome (x32 Version: 1.1.25 - ) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DMUninstaller (x32 Version: - )
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FoxTab FLV Player (HKCU Version: - ) <==== ATTENTION
FoxTab FLV Player (remove only) (x32 Version: - ) <==== ATTENTION
Google Chrome (HKCU Version: 33.0.1750.58 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (x32 Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Games (x32 Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP MAINSTREAM KEYBOARD (x32 Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6000 E609 Series (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.9572 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company) Hidden
HP Support Information (x32 Version: 10.1.0002 - Hewlett-Packard)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU Version: 0.9.14 - Hulu LLC)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (x32 Version: - )
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LessTabs (x32 Version: 1.7.1.0 - LessTabs)
LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox (3.6.14) (x32 Version: 3.6.14 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.2.28.24.exe - NETGEAR Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (x32 Version: 21.1.0.18 - Symantec Corporation)
PDF Complete Special Edition (x32 Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (x32 Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Posit Science InSight (x32 Version: 1.3.12.37120 - )
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.10.621.0 - NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (x32 Version: - Ralink)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Search Toolbar (x32 Version: 1.2 - Zugo Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Severe Weather Alerts (HKCU Version: 1.23.0.0 - Weather Notifications, LLC)
Shop for HP Supplies (Version: 14.0 - HP)
SLOW-PCfighter (Version: 1.7.68 - SPAMfighter ApS) Hidden
SLOW-PCfighter (Version: 1.7.68 - SPAMfighter ApS.)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.4.12 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
XFINITY Toolbar (x32 Version: 4.0.0.23 - )
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
Yahoo! Axis (x32 Version: - Yahoo!)
Yahoo! Software Update (x32 Version: - )
Yahoo! Toolbar (x32 Version: - Yahoo! Inc.)
Yontoo Layers 1.10.01 (Version: 1.10.01 - ) <==== ATTENTION
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

13-12-2013 22:38:55 Norton Security Suite Registry
14-12-2013 01:49:09 Restore Operation
20-12-2013 18:06:07 Norton Security Suite Registry
15-01-2014 03:31:51 Windows Update
21-01-2014 03:30:30 Installed HP Support Assistant
05-02-2014 01:06:24 Removed CWA Reminder by We-Care.com v4.1.26.3

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28E1229D-3C06-40E7-A144-32E395E54B24} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {3D9B12DF-B3DB-4717-B8C8-0FAFBC1AD031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {4967B7D9-3761-45DF-A9C7-265A6E33DEA4} - System32\Tasks\SLOW-PCfighter64-Mark-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08] (SPAMfighter ApS)
Task: {4EDAA3DE-FB2E-433F-A3E4-3F7307440C13} - System32\Tasks\DTReg => C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [2014-02-04] (Search Results, LLC) <==== ATTENTION
Task: {59F01E7D-B28B-44C6-86FF-FDCD5C61EB50} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5F994139-A27D-401D-A2E5-A0EC6591C8D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {71FD5DEB-500F-4E19-A5BD-2BAE638A628B} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9073DE63-1645-4D66-B642-D283F72D0480} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {A12D5CF1-532C-46BA-B150-737C247FB833} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2858FA2-7C77-410B-B1FA-24B8F599A52D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17] (Google Inc.)
Task: {A90E58BC-0891-412C-9363-AD9BDACCDE57} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {AE12A4FA-0E4D-4206-9AFA-F5ACD8E8991B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05] (Google Inc.)
Task: {D8A2BD89-653A-48E4-89C3-3F4055F26AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17] (Google Inc.)
Task: {EC441F07-102A-4126-ACC3-D0E52F1B48DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05] (Google Inc.)
Task: {F6164ABC-8A36-4104-AF6B-AB3703FC1152} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F901EEE3-4B7F-4CE7-9152-0C974D7A65FB} - System32\Tasks\SLOW-PCfighter64-Mark-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08] (SPAMfighter ApS)
Task: {FE74D126-D8D9-4ADD-B7BA-8A0B5C6FFD78} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Mark-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Mark-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe

==================== Loaded Modules (whitelisted) =============

2013-07-08 21:02 - 2013-07-08 21:02 - 00076000 _____ () C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
2011-10-13 14:44 - 2011-10-13 14:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-10-13 15:01 - 2011-10-13 15:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 13:03 - 2011-11-02 13:03 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 17:22 - 2013-06-04 17:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 19:12 - 2013-05-09 19:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 00:43 - 2013-03-27 00:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-27 22:21 - 2013-05-27 22:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 00:52 - 2013-03-27 00:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 00:50 - 2013-03-27 00:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 18:56 - 2013-05-14 18:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-27 22:25 - 2013-04-27 22:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-13 21:18 - 2013-05-13 21:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 01:56 - 2012-11-29 01:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 18:58 - 2013-03-26 18:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-12-11 11:57 - 2013-12-11 11:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2011-08-11 07:27 - 2011-08-11 07:27 - 00020480 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00069632 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\java.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00126976 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\zip.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00159744 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2010-11-22 20:51 - 2009-02-19 17:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2013-01-30 08:55 - 2013-01-30 08:55 - 00088704 _____ () C:\Program Files (x86)\xfin_portal\comcastdx.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Officejet 6000 E609n
Description: Officejet 6000 E609n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4620 series
Description: Officejet 4620 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 05:01:33 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1784

Start Time: 01cf21f1f85ea12b

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (02/04/2014 04:34:01 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0e67569b-c39f-4839-81cb-c0c17a9a176e}

Error: (02/04/2014 03:25:15 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20cc

Start Time: 01cf22000c067ca3

Termination Time: 15

Application Path: C:\Users\Mark\Desktop\OTL.exe

Report Id: 852258c6-8df3-11e3-8f65-64315025c7af

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.


System errors:
=============
Error: (02/04/2014 05:16:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/04/2014 01:41:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/01/2014 09:41:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/01/2014 07:14:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/01/2014 06:27:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RACHEL-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{629267CE-1DC1-4075-A850-A479B7DAA0C3}.
The master browser is stopping or an election is being forced.

Error: (02/01/2014 06:13:13 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RACHEL-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{629267CE-1DC1-4075-A850-A479B7DAA0C3}.
The master browser is stopping or an election is being forced.

Error: (02/01/2014 06:10:58 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RACHEL-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{629267CE-1DC1-4075-A850-A479B7DAA0C3}.
The master browser is stopping or an election is being forced.

Error: (02/01/2014 06:01:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/01/2014 03:37:40 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{396A362A-5949-4F48-B96E-BC1429B40A49} because another computer on the network has the same name. The server could not start.

Error: (02/01/2014 00:21:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.


Microsoft Office Sessions:
=========================
Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 05:15:35 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 05:01:33 PM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.16428178401cf21f1f85ea12b0C:\Program Files\Internet Explorer\iexplore.exe

Error: (02/04/2014 04:34:01 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0e67569b-c39f-4839-81cb-c0c17a9a176e}

Error: (02/04/2014 03:25:15 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.020cc01cf22000c067ca315C:\Users\Mark\Desktop\OTL.exe852258c6-8df3-11e3-8f65-64315025c7af

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 01:40:22 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8191.29 MB
Available physical RAM: 5320.26 MB
Total Pagefile: 16380.75 MB
Available Pagefile: 13047.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.95 GB) (Free:836.45 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.46 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: B486D5BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Mark Green,

Bit to do in this post. ;)

Please uninstall the following programs if they are there:

DefaultTab
DefaultTab Chrome
FoxTab FLV Player
FoxTab FLV Player (remove only)
Yontoo Layers 1.10.01


They are adware, browser hijackers or malicious programs.

After that

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Then

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and copy and paste the contents into your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Finally in this post

Please run FRST again with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

So when you return please post
  • Fixlog.txt
  • JRT.txt
  • AdwCleaner.txt
  • FRST.txt
  • Addition.txt


#5
Mark Green

    Member

  • Topic Starter
  • Member
  • 55 posts
Okay, I hope I did all I was supposed to. I removed the programs and ran the scans and fixes. I may have mixed up on FRST fix and scan as I ran the fix a second time and saved that (when I should have run the scan I believe). So I am not sure how the order will affect this effort. Anyway here are the Fixlog.txt, JRT.txt, AdwCleaner.txt, FRST.txt and Addition.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2014
Ran by Mark at 2014-02-04 19:45:42 Run:2
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Mark\AppData\Roaming\DefaultTab
C:\Users\Mark\AppData\Local\iLivid
C:\Users\Mark\AppData\Local\SevereWeatherAlerts
C:\Program Files (x86)\LessTabs
C:\Program Files (x86)\Search Toolbar
C:\Users\Mark\AppData\Local\CRE
C:\Program Files (x86)\WebSparkle
C:\ProgramData\BrowserProtect
C:\ProgramData\Browser Manager
C:\ProgramData\BitGuard
HKLM-x32\...\Run: [] - [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [iLivid] - "C:\Users\Mark\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {63D37083-5D32-47A8-A7D0-28677FEE98EF} URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - {A4DD9A60-DFDD-4411-B214-4CA2D0818434} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15} URL = http://search.condui...UM=2&SSPV=TB_C5
SearchScopes: HKCU - {E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {E73C63EC-225D-44FA-8B15-9AE912214F14} URL = http://www.flickr.co...q={searchTerms}
BHO-x32: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\user.js
FF DefaultSearchEngine: WhiteSmoke New Customized Web Search
FF SelectedSearchEngine: Conduit Search
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22897658343107920&UM=2&q=
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\whitesmoke-new-customized-web-search.xml
FF Extension: Default Tab - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: No Name - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: Yontoo - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2013-12-18]
FF Extension: Search Toolbar - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] [2011-04-16]
FF Extension: WhiteSmoke New - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [2013-12-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: LessTabs - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-25]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-05-26]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-10]
R2 DefaultTabUpdate; C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-05-25] ()
C:\Users\Mark\AppData\Local\Temp\ose00000.exe
C:\Users\Mark\AppData\Local\Temp\Uninstall.exe
Task: {4EDAA3DE-FB2E-433F-A3E4-3F7307440C13} - System32\Tasks\DTReg => C:\Users\Mark\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [2014-02-04] (Search Results, LLC) <==== ATTENTION

*****************

"C:\Users\Mark\AppData\Roaming\DefaultTab" => File/Directory not found.
"C:\Users\Mark\AppData\Local\iLivid" => File/Directory not found.
"C:\Users\Mark\AppData\Local\SevereWeatherAlerts" => File/Directory not found.
"C:\Program Files (x86)\LessTabs" => File/Directory not found.
"C:\Program Files (x86)\Search Toolbar" => File/Directory not found.
"C:\Users\Mark\AppData\Local\CRE" => File/Directory not found.
"C:\Program Files (x86)\WebSparkle" => File/Directory not found.
"C:\ProgramData\BrowserProtect" => File/Directory not found.
"C:\ProgramData\Browser Manager" => File/Directory not found.
"C:\ProgramData\BitGuard" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value not found.
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value not found.
"c:\\progra~2\\movies~1\\datamngr\\x64\\mgrldr.dll" => Value Data not found.
"c:\\progra~2\\movies~1\\datamngr\\mgrldr.dll" => Value Data not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key not found.
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk not found.
C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe not found.
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk not found.
C:\Users\Mark\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKCR\CLSID\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKCR\Wow6432Node\CLSID\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63D37083-5D32-47A8-A7D0-28677FEE98EF} => Key not found.
HKCR\CLSID\{63D37083-5D32-47A8-A7D0-28677FEE98EF} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4DD9A60-DFDD-4411-B214-4CA2D0818434} => Key not found.
HKCR\CLSID\{A4DD9A60-DFDD-4411-B214-4CA2D0818434} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15} => Key not found.
HKCR\CLSID\{CAD48BC7-8BC7-4D34-A66F-ADD5713ECB15} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKCR\CLSID\{E3D97E9D-29BC-40D5-9DA2-EF90E1184EBA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E73C63EC-225D-44FA-8B15-9AE912214F14} => Key not found.
HKCR\CLSID\{E73C63EC-225D-44FA-8B15-9AE912214F14} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496} => Key not found.
HKCR\Wow6432Node\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKCR\Wow6432Node\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} => Value not found.
HKCR\Wow6432Node\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} => Value not found.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\user.js not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\bing-zugo.xml" => not found.
"C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\conduit-search.xml" => not found.
"C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\search.xml" => not found.
"C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\searchplugins\whitesmoke-new-customized-web-search.xml" => not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\[email protected] not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] not found.
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key not found.
"C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key not found.
"C:\Users\Mark\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found.
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx" => Scheduled to move on reboot.
DefaultTabUpdate => Service not found.
"C:\Users\Mark\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\Uninstall.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EDAA3DE-FB2E-433F-A3E4-3F7307440C13} => Key not found.
C:\Windows\System32\Tasks\DTReg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => Key not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-04 19:49:11)<=

"C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx" => File could not move.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mark on Tue 02/04/2014 at 18:59:13.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-0870_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-0870_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-0870_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-0870_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6605844B-7573-459F-A880-48AB3B659809}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6605844B-7573-459F-A880-48AB3B659809}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\comcasttb"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"



~~~ FireFox

Successfully deleted the following from C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\4hmducuh.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22897658343107920&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN22897658343107920&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("extensions.defaulttab.active.affiliate", 3255);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "BB430AD1A155C63021472C100F4549B9");
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"set_default_search\": \"Search|Conduit\", \"features\": [{\"engine\": \"Related Search - NS1 - D
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installdate", 1355888072);
user_pref("extensions.defaulttab.installedVersion", "2.2.41");
user_pref("extensions.defaulttab.lastUsed", 1387425918);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
user_pref("[email protected]", true);
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN22897658343107920&UM=2&SearchSource=13");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22897658343107920&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
user_pref("smartbar.homePageOwnerCTID", "CT3289847");
user_pref("smartbar.machineId", "MSWKOZTOXMN8GEXFQBALBHZVD+P98EHT75ZWJYG/SQT6MGBJTRMDJCCSIUKCTY15RPMWS9BM8PAO9EBQBXVWOQ");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 19:08:40.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.018 - Report created 04/02/2014 at 19:36:34
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mark - MARK-HP
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Mark\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Mark\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\xfin_portal
Folder Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\.autoreg
File Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\defaulttab.config

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v3.6.14 (en-US)

[ File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\prefs.js ]

Line Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387848093337,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"set_default_search\": \"Search|Conduit\", \"features\": [{\"engine\": \"Related Search - NS1 - DDC\", \"additional_config[...]
Line Deleted : user_pref("extentions.y2layers.installId", "18426fbe-31f9-4660-bede-dc13fd43a973");

-\\ Google Chrome v

[ File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5517 octets] - [04/02/2014 19:19:35]
AdwCleaner[S0].txt - [5409 octets] - [04/02/2014 19:36:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5469 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Mark (administrator) on MARK-HP on 04-02-2014 19:52:20
Running from C:\Users\Mark\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
() C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [Google Update] - C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-17] (Google Inc.)
HKU\S-1-5-21-1754563139-2367873937-1084223949-1001\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
URLSearchHook: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {6605844B-7573-459F-A880-48AB3B659809} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {26F5EF70-17F7-4414-9FEF-66B229BF304B} URL = http://us.yhs4.searc...0521,0,0,6,7635
SearchScopes: HKCU - {281558A3-8AA0-412C-96C9-6598009A7FAD} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {5C072A34-D129-32BD-D2E0-69B2EBD20454} URL = http://www.bing.com/...013&form=ZGAIDF
SearchScopes: HKCU - {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/...039&form=ZGAIDF
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{396A362A-5949-4F48-B96E-BC1429B40A49}: [NameServer]75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{629267CE-1DC1-4075-A850-A479B7DAA0C3}: [NameServer]75.75.75.75,75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default
FF SearchEngineOrder.1: Xfinity.com Search
FF Homepage: hxxp://www.comcast.net/tt2/?cid=tbid12042013
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Mark\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-31]

Chrome:
=======
CHR HomePage: hxxp://www.comcast.net/
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo....p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (LessTabs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb [2013-05-25]
CHR Extension: (AT_Porsche) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2010-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-05-11]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2012-05-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-13] (Advanced Micro Devices, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 YNanoService; C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-07-25] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-18] (Zemana Ltd.)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140204.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\ENG64.SYS [126040 2013-12-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.001\EX64.SYS [2099288 2013-12-18] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-25] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 19:40 - 2014-02-04 19:40 - 00005573 _____ () C:\Users\Mark\Desktop\AdwCleaner[S0].txt
2014-02-04 19:18 - 2014-02-04 19:36 - 00000000 ____D () C:\AdwCleaner
2014-02-04 19:17 - 2014-02-04 19:17 - 01166132 _____ () C:\Users\Mark\Desktop\AdwCleaner.exe
2014-02-04 19:08 - 2014-02-04 19:08 - 00014397 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-02-04 18:59 - 2014-02-04 18:59 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 18:57 - 2014-02-04 18:57 - 01037530 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-02-04 18:43 - 2014-02-04 18:43 - 02080256 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-02-04 17:35 - 2014-02-04 19:44 - 00037165 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-02-04 17:34 - 2014-02-04 19:52 - 00021523 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-02-04 17:22 - 2014-02-04 19:52 - 00000000 ____D () C:\FRST
2014-02-04 15:16 - 2014-02-04 15:16 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-14 16:52 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 16:52 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 16:52 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 16:52 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-04 19:52 - 2014-02-04 17:34 - 00021523 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-02-04 19:52 - 2014-02-04 17:22 - 00000000 ____D () C:\FRST
2014-02-04 19:51 - 2013-12-03 16:54 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ID Vault
2014-02-04 19:46 - 2011-03-05 21:56 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 19:46 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 19:46 - 2009-07-13 20:51 - 00139186 _____ () C:\Windows\setupact.log
2014-02-04 19:45 - 2010-11-22 20:33 - 01616217 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 19:45 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:45 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:44 - 2014-02-04 17:35 - 00037165 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-02-04 19:40 - 2014-02-04 19:40 - 00005573 _____ () C:\Users\Mark\Desktop\AdwCleaner[S0].txt
2014-02-04 19:36 - 2014-02-04 19:18 - 00000000 ____D () C:\AdwCleaner
2014-02-04 19:28 - 2011-03-05 21:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 19:26 - 2010-12-17 14:20 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA.job
2014-02-04 19:17 - 2014-02-04 19:17 - 01166132 _____ () C:\Users\Mark\Desktop\AdwCleaner.exe
2014-02-04 19:08 - 2014-02-04 19:08 - 00014397 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-02-04 18:59 - 2014-02-04 18:59 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 18:57 - 2014-02-04 18:57 - 01037530 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-02-04 18:55 - 2012-04-01 05:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 18:43 - 2014-02-04 18:43 - 02080256 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-02-04 18:38 - 2011-04-16 13:51 - 00000000 ____D () C:\Program Files (x86)\FoxTabFlvPlayer
2014-02-04 18:37 - 2013-12-03 16:53 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-02-04 18:06 - 2010-12-03 12:14 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 17:14 - 2010-12-03 12:01 - 00532648 _____ () C:\Windows\PFRO.log
2014-02-04 16:26 - 2010-12-17 14:20 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core.job
2014-02-04 15:43 - 2011-12-28 07:46 - 00130812 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-02-04 15:16 - 2014-02-04 15:16 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-02-04 14:55 - 2012-04-01 05:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 14:55 - 2012-04-01 05:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 14:55 - 2011-05-18 17:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 13:56 - 2010-12-03 12:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\PDFC
2014-02-04 13:40 - 2013-05-25 09:50 - 00000258 __RSH () C:\Users\Mark\ntuser.pol
2014-02-04 13:40 - 2010-12-03 12:05 - 00000000 ____D () C:\Users\Mark
2014-02-01 19:32 - 2011-11-20 16:03 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark
2014-02-01 19:32 - 2011-11-20 16:03 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job
2014-02-01 09:58 - 2009-07-13 21:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 17:31 - 2010-11-22 20:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-01-29 17:29 - 2010-12-17 14:20 - 00002366 _____ () C:\Users\Mark\Desktop\Google Chrome.lnk
2014-01-26 13:10 - 2010-12-15 18:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-01-26 09:52 - 2009-07-13 21:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-23 16:53 - 2012-07-30 15:59 - 00000000 ____D () C:\Users\Mark\Documents\Family Rosters
2014-01-20 19:31 - 2010-11-22 20:31 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-20 19:28 - 2010-11-22 20:33 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-20 19:28 - 2010-06-14 18:07 - 00000000 ____D () C:\swsetup
2014-01-20 07:41 - 2011-11-06 17:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-20 07:41 - 2010-12-05 17:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-20 07:40 - 2010-12-05 17:05 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HP Support Assistant
2014-01-20 07:40 - 2010-12-04 14:12 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HpUpdate
2014-01-18 08:45 - 2013-07-12 12:15 - 00000000 ____D () C:\Users\Mark\AppData\Local\Adobe
2014-01-15 17:34 - 2009-07-13 20:45 - 00426472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-14 19:35 - 2013-08-15 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-14 19:32 - 2010-12-05 19:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-24 12:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Mark at 2014-02-04 19:53:35
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
AMD Problem Report Wizard (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (x32 Version: 1.9.1.105 - CinemaNow, Inc.)
Constant Guard Protection Suite (x32 Version: 1.13.1211.1 - Comcast)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DMUninstaller (x32 Version: - )
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKCU Version: 33.0.1750.58 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (x32 Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Games (x32 Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP MAINSTREAM KEYBOARD (x32 Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6000 E609 Series (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.9572 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company) Hidden
HP Support Information (x32 Version: 10.1.0002 - Hewlett-Packard)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU Version: 0.9.14 - Hulu LLC)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (x32 Version: - )
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LessTabs (x32 Version: 1.7.1.0 - LessTabs)
LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox (3.6.14) (x32 Version: 3.6.14 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.2.28.24.exe - NETGEAR Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (x32 Version: 21.1.0.18 - Symantec Corporation)
PDF Complete Special Edition (x32 Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (x32 Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Posit Science InSight (x32 Version: 1.3.12.37120 - )
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.10.621.0 - NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (x32 Version: - Ralink)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Search Toolbar (x32 Version: 1.2 - Zugo Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.4.12 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
Yahoo! Axis (x32 Version: - Yahoo!)
Yahoo! Software Update (x32 Version: - )
Yahoo! Toolbar (x32 Version: - Yahoo! Inc.)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

13-12-2013 22:38:55 Norton Security Suite Registry
14-12-2013 01:49:09 Restore Operation
20-12-2013 18:06:07 Norton Security Suite Registry
15-01-2014 03:31:51 Windows Update
21-01-2014 03:30:30 Installed HP Support Assistant
05-02-2014 01:06:24 Removed CWA Reminder by We-Care.com v4.1.26.3

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {28E1229D-3C06-40E7-A144-32E395E54B24} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {3D9B12DF-B3DB-4717-B8C8-0FAFBC1AD031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {59F01E7D-B28B-44C6-86FF-FDCD5C61EB50} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5F994139-A27D-401D-A2E5-A0EC6591C8D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {71FD5DEB-500F-4E19-A5BD-2BAE638A628B} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9073DE63-1645-4D66-B642-D283F72D0480} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {A12D5CF1-532C-46BA-B150-737C247FB833} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2858FA2-7C77-410B-B1FA-24B8F599A52D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17] (Google Inc.)
Task: {A90E58BC-0891-412C-9363-AD9BDACCDE57} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {AE12A4FA-0E4D-4206-9AFA-F5ACD8E8991B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05] (Google Inc.)
Task: {D8A2BD89-653A-48E4-89C3-3F4055F26AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17] (Google Inc.)
Task: {EC441F07-102A-4126-ACC3-D0E52F1B48DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05] (Google Inc.)
Task: {F6164ABC-8A36-4104-AF6B-AB3703FC1152} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE74D126-D8D9-4ADD-B7BA-8A0B5C6FFD78} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001Core.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1754563139-2367873937-1084223949-1001UA.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 14:44 - 2011-10-13 14:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-10-13 15:01 - 2011-10-13 15:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 13:03 - 2011-11-02 13:03 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 17:22 - 2013-06-04 17:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 19:12 - 2013-05-09 19:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 00:43 - 2013-03-27 00:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-27 22:21 - 2013-05-27 22:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 00:52 - 2013-03-27 00:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 00:50 - 2013-03-27 00:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 18:56 - 2013-05-14 18:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-27 22:25 - 2013-04-27 22:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-13 21:18 - 2013-05-13 21:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 00:42 - 2013-03-27 00:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 01:56 - 2012-11-29 01:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 18:58 - 2013-03-26 18:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 00:51 - 2013-03-27 00:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 00:49 - 2013-03-27 00:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 18:58 - 2013-03-26 18:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00020480 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00069632 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\java.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00126976 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\bin\zip.dll
2011-08-11 07:27 - 2011-08-11 07:27 - 00159744 _____ () C:\Users\Mark\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2010-11-22 20:51 - 2009-02-19 17:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2013-12-11 11:57 - 2013-12-11 11:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Officejet 6000 E609n
Description: Officejet 6000 E609n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4620 series
Description: Officejet 4620 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:13:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:13:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.


System errors:
=============
Error: (02/04/2014 07:48:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/04/2014 07:40:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/04/2014 07:14:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.

Error: (02/04/2014 07:11:21 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:50:05 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 8.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:39:10 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 17 8.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.

Error: (02/04/2014 07:13:04 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 9.1.168.192.in-addr.arpa. PTR Mark-HP.local.

Error: (02/04/2014 07:13:04 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353 17 9.1.168.192.in-addr.arpa. PTR Mark-HP-2.local.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8191.29 MB
Available physical RAM: 5755.57 MB
Total Pagefile: 16380.75 MB
Available Pagefile: 13644.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.95 GB) (Free:836.85 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.46 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: B486D5BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again Mark Green,

So I am not sure how the order will affect this effort.


If there had been a rootkit there it could have been a real problem, but there isn't, so all it has cost is about an hour's work on my part lol.

Now

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that, though, make sure you copy the logfile to Notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
So when you return please post
  • MBAM log
  • ESET scan results
  • and tell me how your machine is now

#7
Mark Green

  • Topic Starter
  • Member
  • 55 posts
I am having problems with the ESET scan. I am using IE on Windows 7. I clicked on the blue Run ESET Online Scan. A dialogue opened up but it didn't do anything. Maybe I misunderstood, I wasn't supposed to download the 30 day free trial was I?

Attached are the MBAM log(s):
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Mark :: MARK-HP [administrator]

Protection: Enabled

2/4/2014 8:25:02 PM
mbam-log-2014-02-04 (20-25-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227157
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Mark\Desktop\Xvid-Setup-dm-6.exe (Adware.Searchbar) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1754563139-2367873937-1084223949-1001\$RYTJF1Q.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Mark\AppData\Local\Temp\5039159.Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
2014/02/04 20:24:01 -0800 MARK-HP Mark MESSAGE Executing scheduled update: Daily
2014/02/04 20:24:09 -0800 MARK-HP Mark MESSAGE Starting protection
2014/02/04 20:24:09 -0800 MARK-HP Mark MESSAGE Protection started successfully
2014/02/04 20:24:09 -0800 MARK-HP Mark MESSAGE Starting IP protection
2014/02/04 20:24:30 -0800 MARK-HP Mark MESSAGE IP Protection started successfully
2014/02/04 20:24:37 -0800 MARK-HP Mark MESSAGE Starting database refresh
2014/02/04 20:24:37 -0800 MARK-HP Mark MESSAGE Stopping IP protection
2014/02/04 20:24:42 -0800 MARK-HP Mark MESSAGE IP Protection stopped successfully
2014/02/04 20:24:42 -0800 MARK-HP Mark MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2014.02.05.02
2014/02/04 20:24:45 -0800 MARK-HP Mark MESSAGE Database refreshed successfully
2014/02/04 20:24:45 -0800 MARK-HP Mark MESSAGE Starting IP protection
2014/02/04 20:24:50 -0800 MARK-HP Mark MESSAGE IP Protection started successfully
2014/02/04 20:32:28 -0800 MARK-HP Mark MESSAGE Starting protection
2014/02/04 20:32:28 -0800 MARK-HP Mark MESSAGE Protection started successfully
2014/02/04 20:32:28 -0800 MARK-HP Mark MESSAGE Starting IP protection
2014/02/04 20:32:34 -0800 MARK-HP Mark MESSAGE IP Protection started successfully
2014/02/04 20:36:56 -0800 MARK-HP Mark MESSAGE Stopping IP protection
2014/02/04 20:36:57 -0800 MARK-HP Mark MESSAGE IP Protection stopped successfully
2014/02/04 20:36:57 -0800 MARK-HP Mark MESSAGE Protection stopped
2014/02/04 20:37:07 -0800 MARK-HP Mark MESSAGE Starting protection
2014/02/04 20:37:07 -0800 MARK-HP Mark MESSAGE Protection started successfully
2014/02/04 20:37:07 -0800 MARK-HP Mark MESSAGE Starting IP protection
2014/02/04 20:37:25 -0800 MARK-HP Mark MESSAGE IP Protection started successfully
2014/02/04 20:37:37 -0800 MARK-HP Mark MESSAGE Starting database refresh
2014/02/04 20:37:37 -0800 MARK-HP Mark MESSAGE Stopping IP protection
2014/02/04 20:37:42 -0800 MARK-HP Mark MESSAGE IP Protection stopped successfully
2014/02/04 20:37:46 -0800 MARK-HP Mark MESSAGE Database refreshed successfully
2014/02/04 20:37:46 -0800 MARK-HP Mark MESSAGE Starting IP protection
2014/02/04 20:37:52 -0800 MARK-HP Mark MESSAGE IP Protection started successfully

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

I wasn't supposed to download the 30 day free trial was I?


Nope. If you have done that then I think the best option is to uninstall it.

Next

Try this one, not so thorough but unlikely you will make a mistake with it.

Please run a free online scan with BitDefender Online Scanner

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here

#9
Mark Green

  • Topic Starter
  • Member
  • 55 posts
Actually I got the scan to work (it is downloading virus database now). It says it could take hours to run the scan so it may be a while. When done (probably tomorrow!) I will post the log. Thanks!

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Well done. :thumbsup:

Yes it does take quite a time to run.

Catch you tomorrow. :)

#11
Mark Green

  • Topic Starter
  • Member
  • 55 posts
And finally here is the ESET scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\LocalLow\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\LocalLow\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4hmducuh.default\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\LessTabs04-02-2014_18-44-00\IE32\LessTabsClientIE.dll a variant of Win32/AdWare.Vitruvian.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\Search Toolbar04-02-2014_18-44-00\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\FRST\Quarantine\Search Toolbar04-02-2014_18-44-00\SearchToolbarUpdater.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined

So far haven't seen any pop up windows, etc. Hopefully this did the trick. Anything else I need to do? Thanks so much for all your help.
  • 0
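
A triage sketch for the MBAM and ESET detection lines posted in this thread, added here as an example; it is not part of any post or of either vendor's tooling. It parses both line formats, counts unwanted-software hits, counts hits that sit in the AdwCleaner/FRST quarantine folders, and checks for the two names the pop-up claimed. The regexes are fitted to the lines shown above, and reading ESET's "application" type as unwanted software is an assumption.

```python
import re

# Detection lines copied from the MBAM and ESET logs posted in this thread.
SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Mark\Desktop\Xvid-Setup-dm-6.exe (Adware.Searchbar) -> Quarantined and deleted successfully.
(No malicious items detected)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\Search Toolbar04-02-2014_18-44-00\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined
"""

# MBAM:  <object> (<name>) -> <action>.
MBAM = re.compile(r"^(?P<path>.+)\s+\((?P<name>[^()]+)\)\s+->\s+(?P<action>.+?)\.?$")
# ESET:  <path> [a variant of] <platform/name> <type> <action>
ESET = re.compile(r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>\w+/[\w.]+)"
                  r"\s+(?P<kind>[a-z]+)\s+(?P<action>.+)$")
# Folders where AdwCleaner and FRST park files they have already removed.
PARKED = re.compile(r"^C:\\(?:AdwCleaner|FRST)\\Quarantine\\", re.I)
NUISANCE = ("pup.", "adware", "toolbar")   # unwanted-software families
CLAIMED = ("trojan.rootkit-im", "trojan.hacked-download")  # names from the pop-up

def parse(line):
    """Return a dict for one detection line, or None for any other line."""
    m = MBAM.match(line) or ESET.match(line)
    if not m:
        return None
    hit = m.groupdict()
    name = hit["name"].lower()
    # Assumption: ESET's type word "application" marks unwanted/unsafe software.
    hit["nuisance"] = hit.get("kind") == "application" or any(t in name for t in NUISANCE)
    hit["parked"] = bool(PARKED.match(hit["path"]))
    hit["claimed"] = any(c in name for c in CLAIMED)
    return hit

def triage(text):
    """Summarise every detection line found in a pasted log."""
    hits = [h for h in map(parse, text.splitlines()) if h]
    return {
        "detections": len(hits),
        "nuisance": sum(h["nuisance"] for h in hits),
        "already_quarantined": sum(h["parked"] for h in hits),
        "matches_popup_claim": [h["name"] for h in hits if h["claimed"]],
        "needs_review": [h["name"] for h in hits if not h["nuisance"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `matches_popup_claim` list together with an empty `needs_review` list means the scanners reported only adware, toolbars and PUPs, none of them under the names shown in the browser warning.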

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again Mark Green,

So far haven't seen any pop up windows, etc.


All looks okay to me now. I think you are good to go. :thumbsup:

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#13
Mark Green

  • Topic Starter
  • Member
  • 55 posts
Thank you very much for all the help!

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Thank you very much for all the help!


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.