computer is infected

Author	All Replies
Michelle @insightbb.com 1 edit	computer is infected I followed all the steps:: I tried to run the TFC program but when I tried to run it the screen dissappered and the computer turned off and rebooted... Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.05.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Evan :: EVAN-HP [administrator] 12/5/2012 11:57:36 AM mbam-log-2012-12-05 (11-57-36).txt Scan type: Full scan (C:\\|D:\\|E:\\|F:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 342446 Time elapsed: 24 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\|Start Page (PUP.FunMoods) -> Bad: (»searchfunmoods.com/?f=1&a=downlo···85422069) Good: (»www.google.com) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Evan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully. (end)
	to forum · permalink · 2012-12-05 14:03:18 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54	Do you have the MalwareByte's log as well as the complete log from ESET?
	to forum · permalink · 2012-12-05 16:23:17 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54	reply to Michelle [Placeholder]
	to forum · permalink · 2012-12-05 16:24:07 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Cellphones, Provid..	reply to Michelle OTL logfile created on: 12/5/2012 12:28:20 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.91 Gb Total Physical Memory \| 2.55 Gb Available Physical Memory \| 65.17% Memory free 7.81 Gb Paging File \| 6.40 Gb Available in Paging File \| 81.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 914.87 Gb Total Space \| 855.25 Gb Free Space \| 93.48% Space Free \| Partition Type: NTFS Drive D: \| 16.55 Gb Total Space \| 2.07 Gb Free Space \| 12.48% Space Free \| Partition Type: NTFS Computer Name: EVAN-HP \| User Name: Evan \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/12/05 12:27:01 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe PRC - [2012/11/30 16:42:25 \| 000,697,272 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe PRC - [2012/10/10 21:29:13 \| 000,143,928 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe PRC - [2012/06/11 15:22:16 \| 000,193,616 \| ---- \| M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2011/09/09 04:28:30 \| 002,656,280 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/09/09 04:28:00 \| 000,326,168 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/08/16 17:03:24 \| 000,020,480 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe PRC - [2011/08/16 17:03:16 \| 000,016,384 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe PRC - [2011/08/12 12:54:32 \| 001,128,952 \| ---- \| M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/03/28 20:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/08/26 16:48:00 \| 000,285,152 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/11/15 03:20:11 \| 001,072,640 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\59353156806745822ad61a40de8fb631\System.IdentityModel.ni.dll MOD - [2012/11/15 03:20:10 \| 018,058,752 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll MOD - [2012/11/15 03:19:01 \| 002,906,624 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\bc4a5d9898a6c903baafbecacf6010b3\ReachFramework.ni.dll MOD - [2012/11/15 03:18:45 \| 001,021,952 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll MOD - [2012/11/15 03:18:44 \| 002,647,040 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll MOD - [2012/11/15 03:18:44 \| 000,143,360 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll MOD - [2012/11/15 03:09:47 \| 011,451,904 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll MOD - [2012/11/15 03:09:39 \| 003,858,432 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll MOD - [2012/11/15 03:06:34 \| 013,198,336 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll MOD - [2012/11/15 03:06:27 \| 001,666,048 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll MOD - [2012/11/15 03:06:22 \| 007,069,184 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll MOD - [2012/11/15 03:06:20 \| 005,617,664 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll MOD - [2012/11/15 03:06:17 \| 000,982,528 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll MOD - [2012/11/15 03:06:16 \| 009,093,632 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll MOD - [2012/11/15 03:06:12 \| 014,412,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll MOD - [2012/05/30 09:51:08 \| 000,699,280 \| R--- \| M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\wincfi39.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:64bit: - [2011/02/17 01:47:28 \| 000,682,040 \| ---- \| M] (Hewlett-Packard) [Auto \| Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV:64bit: - [2010/10/11 05:48:14 \| 000,346,168 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 21:10:10 \| 000,057,184 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 20:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/03 19:50:49 \| 000,250,808 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/10 21:29:13 \| 000,143,928 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe -- (N360) SRV - [2012/06/11 15:22:16 \| 000,240,208 \| ---- \| M] (Microsoft Corporation.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 15:22:16 \| 000,193,616 \| ---- \| M] (Microsoft Corporation.) [Auto \| Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012/03/19 22:44:20 \| 000,276,248 \| ---- \| M] (Intel Corporation) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011/09/09 20:10:28 \| 000,086,072 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/09/09 04:28:30 \| 002,656,280 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/09/09 04:28:00 \| 000,326,168 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/08/16 17:03:16 \| 000,016,384 \| ---- \| M] (Hewlett-Packard) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService) SRV - [2011/08/12 12:54:32 \| 001,128,952 \| ---- \| M] (PDF Complete Inc) [Auto \| Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/03/28 20:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/10/12 12:59:12 \| 000,206,072 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/08/26 16:48:00 \| 000,285,152 \| ---- \| M] () [Auto \| Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100) SRV - [2010/06/01 18:31:28 \| 002,804,568 \| ---- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 16:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/29 23:40:16 \| 001,043,584 \| ---- \| M] (Hewlett-Packard Co.) [Auto \| Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/06/10 16:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012/11/28 16:24:49 \| 000,030,496 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36) DRV:64bit: - [2012/11/24 21:19:10 \| 000,014,456 \| ---- \| M] (GFI Software) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012/11/23 23:45:47 \| 000,177,312 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/10/08 20:00:02 \| 000,776,864 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/10/03 20:40:35 \| 001,133,216 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2012/10/03 20:40:20 \| 000,493,216 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS64.sys -- (SymDS) DRV:64bit: - [2012/10/03 20:19:14 \| 000,168,096 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.sys -- (ccSet_N360) DRV:64bit: - [2012/09/06 21:05:14 \| 000,432,800 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys -- (SymNetS) DRV:64bit: - [2012/09/06 20:48:08 \| 000,224,416 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012/09/06 20:40:51 \| 000,037,496 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/07/09 12:42:54 \| 000,052,736 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/19 22:32:04 \| 014,745,600 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/03/01 01:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/09 14:49:01 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/01/09 14:49:01 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/11/16 01:42:19 \| 000,565,352 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/11/15 04:38:56 \| 000,557,848 \| ---- \| M] (Intel Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/11/15 02:08:06 \| 000,158,976 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2011/09/09 04:25:13 \| 000,056,344 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011/04/19 08:52:20 \| 001,254,464 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2010/11/20 22:24:33 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:47 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 \| 000,031,232 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/11 00:11:52 \| 000,141,384 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2010/11/11 00:11:50 \| 000,172,104 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010/11/11 00:11:50 \| 000,136,264 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010/11/11 00:11:50 \| 000,019,016 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010/02/03 10:21:56 \| 000,047,632 \| ---- \| M] (CACE Technologies, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/07/13 20:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 \| 000,012,288 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 15:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/01/19 17:24:24 \| 000,025,312 \| ---- \| M] (Windows (R) Codename Longhorn DDK provider) [Kernel \| Disabled \| Stopped] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012/11/23 16:36:10 \| 000,513,184 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121204.002\IDSviA64.sys -- (IDSVia64) DRV - [2012/11/23 01:00:00 \| 002,084,000 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15) DRV - [2012/11/23 01:00:00 \| 000,484,512 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/11/23 01:00:00 \| 000,138,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/11/23 01:00:00 \| 000,126,112 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG) DRV - [2012/10/23 18:34:23 \| 001,384,608 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/13 20:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »searchfunmoods.com/?f=1&a=downlo···85422069 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{63126BF1-6528-43EB-A367-6838615D2D05}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPDTDF IE - HKLM\..\SearchScopes\{63126BF1-6528-43EB-A367-6838615D2D05}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.msn.com/?PC=msnHomeST&OCID=msnHomepage IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKCU\..\SearchScopes\{0C57F8A9-104E-4DB0-A146-819E69496F42}: "URL" = »search.yahoo.com/search?fr=chr-g···chTerms} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = »search.ask.com/web?q={searchterm···o=HPDTDF IE - HKCU\..\SearchScopes\{63126BF1-6528-43EB-A367-6838615D2D05}: "URL" = »www.amazon.com/s/ref=azs_osd_iea···chTerms} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.com/web?q={SEARCHTERMS}&···src=2869 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = »search.yahoo.com/search?p={searc···e=HPDTDF IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = »mystart.incredibar.com/mb185/?se···mXd&i=26 IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = »en.wikipedia.org/wiki/Special:Se···chTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = »rover.ebay.com/rover/1/711-30572···chTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Funmoods" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=380920_yserp3tst" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1 FF - prefs.js..keyword.URL: "http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutBtDyE0EyB0F0FtAyDzztB0C0B0EtC0DtN0D0Tzu0CtAtAtAtN1L2XzutBtFtBt FtDtFtAyEyE&cr=385422069&q=" FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/11/23 23:46:08 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2012/12/05 12:27:07 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/24 21:18:53 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/24 21:18:53 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/01 15:29:26 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions [2012/11/30 16:40:36 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\extensions [2012/11/22 19:09:07 \| 000,000,000 \| ---D \| M] ("Giant Savings") -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\extensions\crossriderapp4479@crossrider.com [2012/11/30 16:40:36 \| 000,000,000 \| ---D \| M] (Funmoods.com) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\extensions\ffxtlbr@funmoods.com [2012/11/28 14:36:59 \| 000,000,000 \| ---D \| M] (incredibar.com) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\extensions\ffxtlbr@incredibar.com [2012/11/24 21:18:43 \| 000,000,000 \| ---D \| M] (Lavasoft Search Plugin) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012/11/27 06:12:12 \| 000,002,536 \| ---- \| M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\searchplugins\mngr.xml [2012/11/28 14:36:37 \| 000,002,203 \| ---- \| M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\s6501h1s.default\searchplugins\MyStart Search.xml [2012/11/03 13:32:58 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/11/03 13:32:59 \| 000,261,600 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/24 21:18:42 \| 000,000,616 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2012/09/05 20:26:22 \| 000,002,465 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 10:46:43 \| 000,002,058 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: »searchfunmoods.com/?f=1&a=downlo···85422069 CHR - default_search_provider: Funmoods (Enabled) CHR - default_search_provider: search_url = »searchfunmoods.com/results.php?f···85422069 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: »searchfunmoods.com/?f=1&a=downlo···85422069 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Evan\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Evan\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Evan\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Evan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_1\ CHR - Extension: Gmail = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/12/04 19:41:10 \| 000,000,855 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = »hp.digitalriver.com/DRHM/store?A···words=%w O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (Reg Error: Key error.) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} »xserv.dell.com/DellDriverScanner···stem.CAB (DellSystem.Scanner) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FFA7E8E-1EF3-4DC2-B375-CE6E5947FFEA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93A7546-9956-4A21-9AEC-A8A0C23E66FD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{788cc9e4-f6a2-11e1-9caa-082e5f0475c7}\Shell - "" = AutoRun O33 - MountPoints2\{788cc9e4-f6a2-11e1-9caa-082e5f0475c7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/12/05 12:27:00 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe [2012/12/05 11:56:07 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\Malwarebytes [2012/12/05 11:55:59 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/05 11:55:59 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2012/12/05 11:55:58 \| 000,025,928 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/05 11:55:58 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/04 19:28:30 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/12/04 19:28:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Tweaking.com [2012/12/04 16:07:35 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\NovaTech Network [2012/12/04 15:31:46 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\NewspaperDirect [2012/12/03 19:59:56 \| 000,289,768 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/12/03 19:59:49 \| 000,189,416 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/12/03 19:59:49 \| 000,188,904 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/12/03 19:59:49 \| 000,108,008 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012/12/03 19:59:41 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Java [2012/12/03 19:58:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Java [2012/12/03 19:58:42 \| 000,246,760 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/03 19:58:24 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/03 19:58:24 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/03 19:58:24 \| 000,095,208 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/03 19:58:14 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Java [2012/12/01 16:38:57 \| 000,181,064 \| ---- \| C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/12/01 16:38:52 \| 000,290,304 \| ---- \| C] (Microsoft Corporation) -- C:\subinacl.exe [2012/12/01 16:29:42 \| 000,000,000 \| ---D \| C] -- C:\RegBackup [2012/12/01 16:29:05 \| 000,000,000 \| ---D \| C] -- C:\Tweaking.com_Windows_Repair_Logs [2012/12/01 15:36:54 \| 000,448,512 \| ---- \| C] (OldTimer Tools) -- C:\Users\Evan\Desktop\TFC.exe [2012/11/28 20:31:39 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\GlarySoft [2012/11/28 20:30:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft [2012/11/28 20:30:55 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Glarysoft [2012/11/28 15:44:49 \| 000,000,000 \| ---D \| C] -- C:\Windows\pss [2012/11/28 15:23:38 \| 000,000,000 \| ---D \| C] -- C:\JRT [2012/11/28 15:02:23 \| 000,000,000 \| ---D \| C] -- C:\Program Files\HitmanPro [2012/11/28 15:01:29 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\HitmanPro [2012/11/28 14:37:05 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Perion [2012/11/28 12:16:10 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\Norman Malware Cleaner [2012/11/27 14:25:54 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2012/11/27 13:39:44 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012/11/27 06:20:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\Little_Apps [2012/11/27 06:19:58 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Little Registry Cleaner [2012/11/27 06:12:45 \| 000,000,000 \| -HSD \| C] -- C:\Windows\SysWow64\AI_RecycleBin [2012/11/27 06:11:23 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Babylon [2012/11/24 21:22:24 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\LavasoftStatistics [2012/11/24 21:19:16 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\Downloaded Installations [2012/11/24 21:19:10 \| 000,014,456 \| ---- \| C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012/11/24 21:18:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Search Protection [2012/11/24 20:08:38 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2012/11/24 20:08:28 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012/11/24 20:08:08 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\Programs [2012/11/24 00:40:58 \| 000,000,000 \| ---D \| C] -- C:\Windows\SysWow64\N360_BACKUP [2012/11/24 00:28:05 \| 000,388,608 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\Evan\Desktop\HijackThis.exe [2012/11/24 00:11:23 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012/11/23 23:45:48 \| 000,177,312 \| ---- \| C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/11/23 23:45:15 \| 000,000,000 \| R--D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2012/11/23 23:45:15 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Norton 360 [2012/11/23 23:45:08 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\NortonInstaller [2012/11/23 23:30:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\LogMeIn Rescue Applet [2012/11/20 20:13:27 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Local\HP [2012/11/20 20:08:48 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\WEBREG [2012/11/20 20:08:19 \| 000,000,000 \| ---D \| C] -- C:\Users\Evan\AppData\Roaming\HP [2012/11/20 20:00:22 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Lexmark [2012/11/15 03:07:41 \| 000,054,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:07:41 \| 000,009,728 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/15 03:03:12 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/15 03:03:12 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/15 03:03:11 \| 002,312,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/15 03:03:11 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/15 03:03:11 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/15 03:03:11 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/15 03:03:11 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/15 03:03:11 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/15 03:03:11 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/15 03:03:11 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/15 03:03:11 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/15 03:03:10 \| 000,729,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/15 03:03:09 \| 000,816,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/15 03:03:09 \| 000,717,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/15 03:03:09 \| 000,599,040 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/15 03:01:28 \| 000,229,888 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/15 03:01:28 \| 000,194,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/15 03:01:28 \| 000,045,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/15 03:01:27 \| 000,744,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/14 06:16:21 \| 000,226,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 06:16:20 \| 000,193,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 06:16:20 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 06:16:18 \| 000,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 06:16:18 \| 000,216,576 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 06:16:18 \| 000,156,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 06:16:17 \| 000,175,104 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 06:16:17 \| 000,018,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 06:16:17 \| 000,018,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 06:16:06 \| 000,095,744 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 06:16:06 \| 000,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/10 17:04:12 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Client [2012/11/10 17:03:51 \| 000,000,000 \| ---D \| C] -- C:\3bd9bc7ef66cfe7df5063f03 [2012/11/10 16:54:31 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2012/11/10 16:53:52 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Giant Savings [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/12/05 12:29:54 \| 000,024,608 \| ---- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/05 12:29:54 \| 000,024,608 \| ---- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/05 12:27:01 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe [2012/12/05 12:24:47 \| 000,343,360 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/05 12:24:44 \| 000,067,584 \| ---- \| M] () -- C:\Windows\bootstat.dat [2012/12/05 12:24:33 \| 3146,379,264 \| -HS- \| M] () -- C:\hiberfil.sys [2012/12/05 12:16:01 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/05 11:56:00 \| 000,001,111 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/04 19:44:14 \| 000,778,730 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/04 19:44:14 \| 000,660,022 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/04 19:44:14 \| 000,120,950 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/04 19:41:50 \| 000,181,064 \| ---- \| M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/12/04 19:41:10 \| 000,000,855 \| ---- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/04 19:40:45 \| 000,778,730 \| ---- \| M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/12/04 19:28:30 \| 000,002,289 \| ---- \| M] () -- C:\Users\Evan\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/12/03 19:59:43 \| 000,108,008 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012/12/03 19:59:42 \| 001,034,216 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/12/03 19:59:42 \| 000,916,456 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/12/03 19:59:42 \| 000,289,768 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/12/03 19:59:42 \| 000,189,416 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/12/03 19:59:42 \| 000,188,904 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/12/03 19:58:16 \| 000,095,208 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/03 19:58:15 \| 000,821,736 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/03 19:58:15 \| 000,746,984 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/03 19:58:15 \| 000,246,760 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/03 19:58:15 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/03 19:58:15 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/03 19:50:49 \| 000,697,272 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/03 19:50:49 \| 000,073,656 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/03 19:08:20 \| 000,000,855 \| ---- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_479 [2012/12/02 19:48:21 \| 000,000,340 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForEVAN-HP$.job [2012/12/01 16:47:52 \| 000,000,855 \| ---- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_875 [2012/12/01 16:30:19 \| 000,000,207 \| ---- \| M] () -- C:\Windows\tweaking.com-regbackup-EVAN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2012/12/01 15:41:52 \| 000,000,328 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForEvan.job [2012/12/01 15:36:55 \| 000,448,512 \| ---- \| M] (OldTimer Tools) -- C:\Users\Evan\Desktop\TFC.exe [2012/11/28 16:24:49 \| 000,030,496 \| ---- \| M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012/11/28 16:23:24 \| 000,019,702 \| ---- \| M] () -- C:\Windows\SysNative\.crusader [2012/11/28 14:36:59 \| 000,000,450 \| ---- \| M] () -- C:\user.js [2012/11/28 14:36:51 \| 001,564,908 \| ---- \| M] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Cat.DB [2012/11/27 22:03:21 \| 000,002,481 \| ---- \| M] () -- C:\Users\Evan\Desktop\Google Chrome.lnk [2012/11/27 20:07:23 \| 002,181,978 \| ---- \| M] () -- C:\Users\Evan\Desktop\SCAN.png [2012/11/27 18:42:39 \| 000,002,120 \| ---- \| M] () -- C:\scu.dat [2012/11/24 21:19:10 \| 000,014,456 \| ---- \| M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012/11/24 00:28:06 \| 000,388,608 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\Evan\Desktop\HijackThis.exe [2012/11/23 23:45:47 \| 000,177,312 \| ---- \| M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/11/23 23:45:47 \| 000,007,466 \| ---- \| M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/11/23 23:45:47 \| 000,000,855 \| ---- \| M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/11/23 23:45:44 \| 000,002,393 \| ---- \| M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/11/20 20:58:21 \| 000,856,354 \| ---- \| M] () -- C:\Users\Evan\Desktop\Jessie.jpg [2012/11/15 19:30:41 \| 000,013,946 \| ---- \| M] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\VT20121114.016 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/12/05 11:56:00 \| 000,001,111 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/04 19:28:30 \| 000,002,289 \| ---- \| C] () -- C:\Users\Evan\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/12/02 11:51:32 \| 000,000,340 \| ---- \| C] () -- C:\Windows\tasks\HPCeeScheduleForEVAN-HP$.job [2012/12/01 16:46:22 \| 000,303,616 \| ---- \| C] ( ) -- C:\SetACL.exe [2012/12/01 16:30:19 \| 000,000,207 \| ---- \| C] () -- C:\Windows\tweaking.com-regbackup-EVAN-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2012/11/28 16:24:49 \| 000,030,496 \| ---- \| C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012/11/28 15:13:19 \| 000,019,702 \| ---- \| C] () -- C:\Windows\SysNative\.crusader [2012/11/28 14:36:58 \| 000,000,450 \| ---- \| C] () -- C:\user.js [2012/11/27 20:07:23 \| 002,181,978 \| ---- \| C] () -- C:\Users\Evan\Desktop\SCAN.png [2012/11/27 14:49:25 \| 000,002,120 \| ---- \| C] () -- C:\scu.dat [2012/11/23 23:45:48 \| 000,007,466 \| ---- \| C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/11/23 23:45:48 \| 000,000,855 \| ---- \| C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/11/23 23:45:44 \| 000,002,393 \| ---- \| C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/11/20 20:45:50 \| 000,856,354 \| ---- \| C] () -- C:\Users\Evan\Desktop\Jessie.jpg [2012/11/15 03:07:43 \| 000,000,003 \| ---- \| C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:01:27 \| 000,000,003 \| ---- \| C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/10/04 19:48:19 \| 000,000,173 \| ---- \| C] () -- C:\Users\Evan\AppData\Local\msmathematics.qat.Evan [2012/08/23 15:52:39 \| 000,000,025 \| ---- \| C] () -- C:\Windows\libem.INI [2012/08/22 13:34:28 \| 000,000,574 \| ---- \| C] () -- C:\Windows\hpomdl46.dat.temp [2012/08/22 13:16:55 \| 000,207,089 \| ---- \| C] () -- C:\Windows\hpoins46.dat [2012/05/23 20:24:28 \| 000,053,299 \| ---- \| C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012/03/19 22:31:16 \| 000,963,912 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/19 22:31:16 \| 000,261,208 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/19 22:25:58 \| 000,058,880 \| ---- \| C] () -- C:\Windows\SysWow64\igdde32.dll [2012/03/19 21:21:14 \| 013,212,672 \| ---- \| C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/01/09 14:49:22 \| 000,145,804 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/10/12 18:33:22 \| 000,007,736 \| ---- \| C] () -- C:\Windows\hpDSTRES.DLL [2011/02/11 12:15:43 \| 000,778,730 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 \| 000,000,227 \| RHS- \| M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 \| 014,172,672 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 \| 012,873,728 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 \| 000,909,312 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:24:25 \| 000,606,208 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 \| 000,505,856 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/08/23 15:52:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\BITS [2012/08/25 19:54:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/08/18 19:28:53 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\e-academy Inc [2012/08/23 16:01:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\FlashGetBHO [2012/08/23 16:01:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\FlashgetSetup [2012/11/28 20:31:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\GlarySoft [2012/09/05 18:01:08 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\IObit [2012/10/10 21:25:58 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\Mael [2012/12/04 15:31:46 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\NewspaperDirect [2012/10/29 13:31:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\SoftGrid Client [2012/08/23 14:03:15 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\StreamTorrent [2012/08/23 19:32:35 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\TP [2012/05/24 17:39:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Evan\AppData\Roaming\WinBatch [color=#E56717]========== Purity Check ==========[/color] -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-12-05 16:24:23 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Cellphones, Provid..	OTL Extras logfile created on: 12/5/2012 12:28:20 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.91 Gb Total Physical Memory \| 2.55 Gb Available Physical Memory \| 65.17% Memory free 7.81 Gb Paging File \| 6.40 Gb Available in Paging File \| 81.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 914.87 Gb Total Space \| 855.25 Gb Free Space \| 93.48% Space Free \| Partition Type: NTFS Drive D: \| 16.55 Gb Total Space \| 2.07 Gb Free Space \| 12.48% Space Free \| Partition Type: NTFS Computer Name: EVAN-HP \| User Name: Evan \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe::Enabled:Flashget3 "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe::Enabled:Flashget3 [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{165AD437-9146-4D6F-9FE4-5BC233233EBC}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{1E839F55-D751-4CEA-9237-FAA9DA503D0E}" = rport=427 \| protocol=17 \| dir=in \| svc=hpslpsvc \| app=c:\windows\system32\svchost.exe \| "{33C0B2B6-55F3-4046-9660-8E3C80C4DB5F}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{34A4E90B-CA2B-473C-999C-41A2700FB482}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{39D34E26-026B-4173-ABE2-050219F83423}" = rport=10243 \| protocol=6 \| dir=out \| app=system \| "{3BB1CAF8-492A-4703-9803-9F123A549E08}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{4444C010-A929-450F-B0A0-A0E7489AA13D}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{592C3BF7-1B11-4B05-92D8-689B7FF79265}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{594A80B2-A87C-4A3E-B68B-B37FBD7B4144}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{5A010178-ADFC-4ACA-8B5B-F1F2663C09F2}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{5F991C19-15F5-4D2E-9BAD-75FFA77B6C43}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{6214F1BA-3772-46C6-A87A-652BC444E309}" = lport=1900 \| protocol=17 \| dir=in \| name=windows live communications platform (ssdp) \| "{75A9115C-E79D-46F1-9095-99EF758F1E18}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{86FCB0E2-D441-4455-8BFC-B342E681C03A}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{910C8BC9-6DD8-43D1-826C-19D0D37449D0}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{94D438EE-24B4-4D88-8D50-452129764375}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{987D38AB-D904-44F5-B6D4-2B8180873E5E}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{A85FF824-9B18-4598-9897-E3FDED9FA69B}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{B493A3E3-02FA-442F-A37D-80C8FFCA2F54}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{BBFF6062-5935-446C-8623-70CDD121C7F8}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{BD637C8C-A4D4-45D5-8351-3D8B505980A6}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{D1D73AB5-67D8-4A5B-B5EE-C9C131468028}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{D3F6980E-3F9D-4C83-8D97-855829481A7E}" = lport=10243 \| protocol=6 \| dir=in \| app=system \| "{E7F15505-CDE8-412F-89A4-D786ED0E4B31}" = lport=2869 \| protocol=6 \| dir=in \| name=windows live communications platform (upnp) \| [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A917DEF-65EE-421E-9333-267CDC925CDD}" = protocol=17 \| dir=in \| app=c:\windows\system32\dmwu.exe \| "{0AE215DD-B58C-4D2D-8D3A-D9A69B048CE6}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{0BBE048D-5580-4364-A70F-7E43EE86380D}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{13E812FB-56A7-42B0-9C56-0CC14D605061}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{196103C2-A1E4-46AF-B15C-FEA2EC43344A}" = protocol=17 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{1BBBC942-695C-43FE-A631-33F16DDFACFF}" = dir=in \| app=c:\program files (x86)\hp\hp software update\hpwucli.exe \| "{221F8D4C-37DF-41EC-B81B-9CB09D374B03}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{25B636F1-25B3-4C35-994A-4B2D5807DCA8}" = protocol=6 \| dir=in \| app=c:\windows\system32\dmwu.exe \| "{274B8CF7-BB1F-4C40-AFB2-0711581888CC}" = protocol=6 \| dir=in \| app=c:\windows\system32\dmwu.exe \| "{43F1F752-B1E7-4D52-8AB1-A218B25C1013}" = protocol=6 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{4509DC85-2662-4335-B84B-135C9E806978}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{4874F101-1C94-4742-8818-C85B9EF7D171}" = protocol=6 \| dir=in \| app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe \| "{49CBBDA8-F6C5-48B6-9891-E6FFF1AFA166}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{4A409930-5CFB-45C1-BF0F-D7E8E0160383}" = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{533EDE04-62F6-446A-8E68-504160EA4F8D}" = protocol=6 \| dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe \| "{5B3F1638-FD78-4F2E-8C9E-408D9C1540F9}" = protocol=17 \| dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe \| "{5C25BFEE-A91B-42EE-9BA0-C8632649337E}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{5D25A2B2-547A-4465-AF3F-A1F3C1EA4BDE}" = dir=in \| app=c:\program files (x86)\windows live\messenger\msnmsgr.exe \| "{5EBBB5C3-C436-4438-8B07-F8D5FFF144B8}" = dir=in \| app=e:\setup\hpznui40.exe \| "{63F63460-F106-4631-BB18-9ADBAA806CB9}" = protocol=17 \| dir=in \| app=c:\windows\system32\arfc\wrtc.exe \| "{6509EA9A-33D5-43A0-8FD5-EF53D6BDF310}" = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{66EEF896-149D-42E1-ADEA-EDDD25B76882}" = dir=in \| app=c:\program files (x86)\windows live\mesh\moe.exe \| "{69862F2C-DA52-4109-A59F-ABC7DD2E5529}" = protocol=6 \| dir=out \| app=system \| "{6C1C0570-EDFF-421B-8DE1-D63644D8BAB4}" = dir=in \| app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe \| "{76E6BB2B-601B-4380-AA31-354570D09824}" = protocol=17 \| dir=out \| app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe \| "{7AF1B620-D96A-4B22-92BB-5E095F5527C0}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{7EEBF7CC-BA77-448D-9DC6-C6260DED240D}" = protocol=6 \| dir=in \| app=c:\windows\system32\arfc\wrtc.exe \| "{7F3F06B8-C622-44D1-8F7B-0BDE9D96ADE1}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{852C4AFD-9548-4D61-9B4F-ADFDA46956C9}" = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{8E58D2F4-A7E8-4740-BD12-92FDCC01BCB3}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{91FF1DDA-ED05-421E-BA67-E35E8ED88988}" = protocol=6 \| dir=out \| app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe \| "{9A98B4A5-15D7-4B6C-9B8A-9CAB561A3444}" = protocol=17 \| dir=in \| app=c:\windows\system32\dmwu.exe \| "{A2573330-A96C-4FE5-AB87-CF79F6580680}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{A7A188C3-B131-4D75-82D5-182C775AF776}" = protocol=17 \| dir=in \| app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe \| "{ABAB2DE0-4FB2-421D-AD65-5260B54EC3DB}" = dir=in \| app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe \| "{B5BD3F70-3510-4950-A123-055AF4A02E77}" = protocol=17 \| dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe \| "{BC53A7B0-9EA0-4AAD-8C25-AAB435DE9A47}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{C09BD989-5A2F-4832-95E5-FBD2EB8D489C}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{C0F44E8D-5D36-4FD9-9006-27945C9F11F0}" = dir=in \| app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe \| "{C6A3BB08-6EE6-459C-BBDE-A655596B483B}" = dir=in \| app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe \| "{C9007008-1669-4677-989D-AB7E345370B2}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{CD8C33BF-FE2B-4EEE-91BF-ADB3CB91349F}" = protocol=6 \| dir=in \| app=c:\windows\system32\arfc\wrtc.exe \| "{CEF72384-913F-4648-89FC-8ED434FE078B}" = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{D35C7F4D-AFA3-4B1B-BC12-98E6F980D562}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{D8182191-A8A0-43F6-A511-4B8215E70CA8}" = protocol=6 \| dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe \| "{D934F9FC-F788-47F8-B149-4228934281F3}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "{D94467BE-E510-4A0B-8A4B-09084C2E7FF0}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{E90A191A-E72F-402C-9D11-F2F4B6CA9C32}" = protocol=17 \| dir=in \| app=c:\windows\system32\arfc\wrtc.exe \| "{EB7EF04F-80ED-4DBB-AE27-D10B82F93258}" = dir=in \| app=c:\program files (x86)\windows live\contacts\wlcomm.exe \| "{ECDE10BC-255C-47A4-B869-DBD9C47FC111}" = dir=in \| app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe \| "{EDD060E3-2D79-4BA8-9F19-D3FDA8AFC3CA}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| "TCP Query User{19084464-A8AA-4FE4-A734-FF921A72B34C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe \| "TCP Query User{CD67BEC6-2D0F-46FA-A862-7F64639FAB50}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe \| "UDP Query User{21DD6E70-B178-404E-9149-AF94794FA6DA}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe \| "UDP Query User{F309B00E-33B2-451A-BF1A-CF480A186C0C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp "{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.AccessR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010 "{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "N360" = Norton 360 "Office14.AccessR" = Microsoft Access 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "PDF Complete" = PDF Complete Special Edition "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One) "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-0528f67d-0b9e-4b88-989b-d2f7af9fc440" = Polar Bowler "WTA-381a841f-7886-470e-a800-220522312563" = Poker Superstars III "WTA-3bc8affa-a6fd-47bd-b358-5195d8ebb011" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition "WTA-3c40dd65-361a-4e47-b6c7-ec062465fbd6" = Luxor HD "WTA-4027ef29-fb71-4138-b43a-cde29e647b0c" = Torchlight "WTA-46bc0c72-83ab-44e2-8af4-17fd916ad7ce" = Blackhawk Striker 2 "WTA-49b19094-c3df-44c1-91d7-5ff7833689d5" = FATE "WTA-5f20f1b5-78e8-40fc-b5a6-3fee15d160ec" = Dora's World Adventure "WTA-698f3e8a-1f49-4a67-ba70-a509c6c3fb52" = John Deere Drive Green "WTA-78c5efeb-0b19-4a24-8653-dac1c20544cb" = Jewel Match 3 "WTA-9e12fb7a-d997-4e3d-aed6-f49045c8b1b1" = Plants vs. Zombies - Game of the Year "WTA-a5c99608-7108-4bb5-af5d-2caa60eaf854" = Penguins! "WTA-a6c82ff6-5b78-4988-98ef-4e357fba21ab" = Zuma's Revenge "WTA-a86eaf77-90d7-48b5-8a51-5f0e04a42c92" = Polar Golfer "WTA-b1a8b033-7680-433a-a92e-0b1402de9eee" = Cradle of Rome 2 "WTA-b1fae608-2166-411f-b551-70ff2254f2dc" = Final Drive Fury "WTA-bbfc564b-9c46-4de9-a050-bf9b18faf4da" = Farmscapes "WTA-bec82ad2-530f-4128-ab85-132491c376e3" = Farm Frenzy "WTA-c70baf33-d8fb-42ce-9e8f-542a13c5d77b" = Hoyle Card Games "WTA-cb09ff1e-d870-4c1c-b2f1-231d5dacc20e" = Bejeweled 3 "WTA-d1fe7abd-4492-400a-b287-8a4715a037f6" = Chuzzle Deluxe "WTA-e995030b-3e90-4375-87aa-adab8b2de074" = Mah Jong Medley "WTA-f1640117-17dc-434d-9338-ea229bb49d33" = Letters from Nowhere 2 "WTA-f75cc0e7-7e84-498b-8fa7-6568e7f0b37e" = RollerCoaster Tycoon 3: Platinum "WTA-f77c0895-7ac5-42c9-a753-7bc0647135b2" = Virtual Villagers 4 - The Tree of Life "WTA-f8f0e1ab-5347-4867-953f-7cae8fdc345c" = The Treasures of Mystery Island: The Ghost Ship [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 11/27/2012 12:10:50 PM \| Computer Name = Evan-HP \| Source = MsiInstaller \| ID = 1013 Description = Product: Translate Genius -- Firefox is currently running and the uninstallation cannot continue. Please close Firefox and run the uninstaller again. Error - 11/27/2012 2:18:13 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/27/2012 2:18:13 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9220 Error - 11/27/2012 2:18:13 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9220 Error - 11/27/2012 5:40:28 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/27/2012 5:40:29 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5924466 Error - 11/27/2012 5:40:29 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5924466 Error - 11/27/2012 7:23:19 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/27/2012 7:23:19 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1075034 Error - 11/27/2012 7:23:19 PM \| Computer Name = Evan-HP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1075034 [ Hewlett-Packard Events ] Error - 11/15/2012 10:01:35 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 60 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/22/2012 10:18:24 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/22/2012 10:18:24 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/22/2012 10:18:24 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/22/2012 10:18:24 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/24/2012 12:18:59 AM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/24/2012 12:19:00 AM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/24/2012 12:19:00 AM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/24/2012 12:19:00 AM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 11/29/2012 10:27:39 PM \| Computer Name = Evan-HP \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) [ System Events ] Error - 11/29/2012 7:53:56 PM \| Computer Name = Evan-HP \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/29/2012 7:53:57 PM \| Computer Name = Evan-HP \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/29/2012 10:20:09 PM \| Computer Name = Evan-HP \| Source = BROWSER \| ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5FFA7E8E-1EF3-4DC2-B375-CE6E5947FFEA}. The backup browser is stopping. Error - 12/1/2012 4:38:54 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7034 Description = The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s). Error - 12/1/2012 5:50:16 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7003 Description = The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed. Error - 12/1/2012 5:50:16 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7003 Description = The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed. Error - 12/1/2012 5:50:16 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7001 Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1058 Error - 12/2/2012 8:48:22 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7003 Description = The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed. Error - 12/2/2012 8:48:22 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7003 Description = The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed. Error - 12/2/2012 8:48:22 PM \| Computer Name = Evan-HP \| Source = Service Control Manager \| ID = 7001 Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1058 -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-12-05 16:25:17 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Cellphones, Provid..	Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Norton 360 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.5.502.110 Mozilla Firefox 16.0.2 [color=red]Firefox out of Date![/color] Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome plugins... [u]````````Process Check: objlist.exe by Laurent````````[/u] Norton ccSvcHst.exe Symantec Norton Online Backup NOBuAgent.exe Symantec Norton Online Backup NOBuClient.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 3% [u]````````````````````End of Log``````````````````````[/u] -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-12-05 16:26:04 ·
michelle38 join:2012-11-24 Newport, KY	I apologize, I forgot to attach the mbam-log, I will do so now, as for the ESET log I dont know what happened to the rest of it, I am now rescanning my computer with the ESET scanner so I can give you the completed log,, thank you
	to forum · permalink · 2012-12-05 16:51:57 ·

lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54	No worries..and thanks for adding the log I'll put it in your post above. The ESET log should still be on your pc, even if you uninstalled it. Maybe check first one more time?
	to forum · permalink · 2012-12-05 16:54:13 ·
michelle38 join:2012-11-24 Newport, KY	I couldnt find it, I dont know if I deleted it or what I did , so I ran the ESET again and when it was finished scanning it didnt give me an option to save it to a notepad or anything,, I could run it again and take a screenshot of the results if need be.. It didnt ask me to reboot my computer this time,, like it did the first time so maybe there wasnt anything for it to show on a notepad.. I did try running the bitdefender but didnt have any luck with that either..
	to forum · permalink · 2012-12-05 19:12:01 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to Michelle I don;t see any major exploits in the logs. I'll go over them again in more detail. What specifically leads you to believe you are infected?? When did it start? Have you done a complete scan with Norton and if so, did it find anything? -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-12-06 10:22:07 ·

Broadband Tech > Security > Security Cleanup > computer is infected