
Possible infection: browser redirects, etc.



Is there a system restore point that's available before the problem started?

-----------------------------------------------

Please download MiniToolBox, save it to your desktop and run it.

Close all browsers!

Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

MrC


I have the restore point that Combofix created before it ran Friday at 12:30. That's the earliest one. Following is the MiniToolBox result:

MiniToolBox by Farbar Version:05-03-2013

Ran by Home (administrator) on 14-04-2013 at 20:18:08

Running from "C:\Users\Home\Desktop"

Windows 7 Professional Service Pack 1 (X86)

Boot Mode: Normal

***************************************************************************

========================= Event log errors: ===============================

Application errors:

==================

Error: (04/14/2013 04:52:06 PM) (Source: Application Error) (User: )

Description: Faulting application name: WINWORDC.EXE, version: 14.0.6129.5000, time stamp: 0x5082ffdf

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000000c0

Faulting process id: 0x1004

Faulting application start time: 0xWINWORDC.EXE0

Faulting application path: WINWORDC.EXE1

Faulting module path: WINWORDC.EXE2

Report Id: WINWORDC.EXE3

Error: (04/14/2013 08:56:02 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller) (User: Home-HP)

Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation.

Error: (04/13/2013 10:04:33 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/12/2013 00:32:12 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/11/2013 03:04:24 PM) (Source: Application Hang) (User: )

Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c58

Start Time: 01ce36e732b13bba

Termination Time: 17

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 9a3c6046-a2da-11e2-8f95-ae79233c1299

Error: (04/10/2013 07:09:28 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/09/2013 07:52:15 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/09/2013 07:13:46 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/08/2013 08:03:07 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:

=============

Error: (04/14/2013 08:11:13 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2013 08:10:44 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SBRE

Error: (04/14/2013 08:09:37 PM) (Source: Service Control Manager) (User: )

Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:

%%1058

Error: (04/14/2013 08:09:33 PM) (Source: BugCheck) (User: )

Description: 0x0000007a (0xc0448998, 0xc000009d, 0x56336be0, 0x89133000)C:\Windows\Minidump\041413-16848-01.dmp041413-16848-01

Error: (04/14/2013 08:09:32 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected.

Error: (04/14/2013 01:57:26 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2013 01:56:56 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SBRE

Error: (04/14/2013 01:55:47 PM) (Source: Service Control Manager) (User: )

Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:

%%1058

Error: (04/14/2013 01:55:41 PM) (Source: BugCheck) (User: )

Description: 0x0000007a (0xc04186c0, 0xc000009d, 0x5233c860, 0x830d841e)C:\Windows\Minidump\041413-14976-01.dmp041413-14976-01

Error: (04/14/2013 01:55:40 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected.

Microsoft Office Sessions:

=========================

Error: (04/14/2013 04:52:06 PM) (Source: Application Error)(User: )

Description: WINWORDC.EXE14.0.6129.50005082ffdfunknown0.0.0.000000000c0000005000000c0100401ce3951c084f09eQ:\140066.enu\Office14\WINWORDC.EXEunknown2a692926-a545-11e2-915a-cc710b93c79a

Error: (04/14/2013 08:56:02 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller)(User: Home-HP)

Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/13/2013 10:04:33 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/12/2013 00:32:12 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/11/2013 03:04:24 PM) (Source: Application Hang)(User: )

Description: mbam.exe1.75.0.1c5801ce36e732b13bba17C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe9a3c6046-a2da-11e2-8f95-ae79233c1299

Error: (04/10/2013 07:09:28 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/09/2013 07:52:15 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/09/2013 07:13:46 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/08/2013 08:03:07 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


I can't find that service. I followed the direction to find it in services and also followed the path you listed above to look directly in the drivers file to be sure but I can't find it. I'm attaching a screen shot of where I'm looking so you can confirm I've gone to the right place.

post-137571-0-03341000-1365986592.png


OK, run this scan and post the logs (I'll get back to you in the AM).

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL.txt:

OTL logfile created on: 4/14/2013 8:58:05 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free

3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS

Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HOME-HP | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe

PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe

PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe

PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010/02/11 13:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

PRC - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

PRC - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

PRC - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

PRC - [2009/05/08 19:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

PRC - [2009/05/08 19:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe

PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/30 21:56:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll

MOD - [2013/03/30 21:52:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll

MOD - [2013/03/28 20:54:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/03/28 20:53:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll

MOD - [2013/03/28 20:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/03/28 20:53:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll

MOD - [2013/03/28 20:52:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/03/28 20:52:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/03/28 20:52:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll

MOD - [2013/03/28 20:51:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013/03/28 20:50:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/03/28 20:50:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/03/28 20:50:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/03/28 20:50:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2010/11/10 18:39:38 | 000,096,256 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

MOD - [2010/11/10 18:38:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2010/04/12 19:59:12 | 000,098,304 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

MOD - [2009/02/19 20:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)

SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)

SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/09/29 06:10:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010/11/10 18:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/06/17 08:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2009/12/07 14:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)

SRV - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\drivers\WTSrv.exe -- (WinTabService)

SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Home\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/31 18:32:04 | 000,070,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)

DRV - [2013/03/31 18:32:04 | 000,034,984 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)

DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)

DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)

DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)

DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/11/16 19:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2010/11/11 02:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2010/11/11 02:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)

DRV - [2010/11/11 02:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

DRV - [2010/11/11 02:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2010/04/29 06:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2010/02/18 12:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)

DRV - [2009/10/21 16:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2008/07/31 07:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)

DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)

DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)

DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)

DRV - [2007/04/23 11:28:56 | 000,017,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tablet2k.sys -- (Tablet2k)

DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{962C963C-B71E-49E0-8680-9EA440A6D1F2}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=a3d06eba-58a0-43cf-b6cc-792d0bd7b799&apn_sauid=9ABFF5C1-B8A4-47E0-ACBB-3256A088FA25

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/11 10:10:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M]

[2012/05/21 18:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions

[2012/01/11 21:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

========== Chrome ==========

CHR - default_search_provider: Startpage HTTPS (Enabled)

CHR - default_search_provider: search_url = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english

CHR - default_search_provider: suggest_url =

CHR - homepage: https://startpage.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

O1 HOSTS File: ([2013/04/12 10:23:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)

O4 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D095447F-D777-402B-ADAA-CFC0048F4851}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 20:56:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/04/14 20:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon

[2013/04/14 20:16:49 | 000,760,335 | ---- | C] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe

[2013/04/13 10:32:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/04/13 10:18:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/04/13 10:18:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/04/13 10:18:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/04/13 10:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/13 10:15:05 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/04/13 09:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/04/13 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/04/12 13:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses

[2013/04/12 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/04/12 08:18:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar-1.01.0.1022

[2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

[2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN

[2013/04/11 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\mbar-1.01.0.1022

[2013/04/04 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\WalgreensPics

[2013/03/28 21:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/03/28 19:01:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2013/03/27 20:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/03/22 17:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/22 10:58:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Youtubemusic

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/14 21:00:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job

[2013/04/14 20:59:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/04/14 20:41:32 | 000,256,290 | ---- | M] () -- C:\Users\Home\Desktop\services.png

[2013/04/14 20:40:18 | 000,320,356 | ---- | M] () -- C:\Users\Home\Desktop\Untitled.png

[2013/04/14 20:20:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/14 20:16:51 | 000,760,335 | ---- | M] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe

[2013/04/14 20:13:54 | 000,664,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/04/14 20:13:54 | 000,123,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/04/14 20:09:54 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/14 20:09:53 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/04/14 20:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/14 20:09:23 | 1298,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/14 15:48:33 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHOME-HP$.job

[2013/04/13 10:15:26 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/04/13 09:29:07 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/04/12 13:15:06 | 000,306,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/04/12 13:06:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/04/12 12:00:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job

[2013/04/12 11:14:41 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/12 10:23:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/04/12 08:18:25 | 012,894,739 | ---- | M] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip

[2013/04/11 17:01:39 | 000,002,366 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk

[2013/04/11 15:13:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

[2013/04/11 15:02:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/08 13:10:15 | 000,017,934 | ---- | M] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt

[2013/04/04 23:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/04/02 13:19:50 | 000,297,653 | ---- | M] () -- C:\Users\Home\Desktop\0402131225.jpg

[2013/04/02 13:18:11 | 000,442,186 | ---- | M] () -- C:\Users\Home\Desktop\0402131231.jpg

[2013/04/02 13:17:00 | 000,350,159 | ---- | M] () -- C:\Users\Home\Desktop\0402131227.jpg

[2013/03/28 20:48:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2013/03/28 19:15:10 | 000,001,142 | ---- | M] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk

[2013/03/28 18:55:30 | 150,290,076 | ---- | M] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu

[2013/03/26 21:10:06 | 000,002,819 | ---- | M] () -- C:\Users\Home\Desktop\The history teacher.rtf

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/14 20:41:32 | 000,256,290 | ---- | C] () -- C:\Users\Home\Desktop\services.png

[2013/04/14 20:40:18 | 000,320,356 | ---- | C] () -- C:\Users\Home\Desktop\Untitled.png

[2013/04/13 10:18:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/04/13 10:18:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/04/13 10:18:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/04/13 10:18:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/04/13 10:18:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/04/13 09:29:07 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/04/12 13:02:51 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/04/12 11:14:24 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/12 08:17:53 | 012,894,739 | ---- | C] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip

[2013/04/11 15:13:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

[2013/04/08 13:10:13 | 000,017,934 | ---- | C] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt

[2013/04/04 23:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/04/04 11:26:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/04/02 13:19:50 | 000,297,653 | ---- | C] () -- C:\Users\Home\Desktop\0402131225.jpg

[2013/04/02 13:18:10 | 000,442,186 | ---- | C] () -- C:\Users\Home\Desktop\0402131231.jpg

[2013/04/02 13:16:55 | 000,350,159 | ---- | C] () -- C:\Users\Home\Desktop\0402131227.jpg

[2013/03/28 20:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2013/03/28 20:05:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2013/03/28 20:05:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013/03/28 18:53:49 | 150,290,076 | ---- | C] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu

[2013/03/27 20:32:24 | 000,001,142 | ---- | C] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk

[2013/03/26 21:10:05 | 000,002,819 | ---- | C] () -- C:\Users\Home\Desktop\The history teacher.rtf

[2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual

[2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\howto

[2013/02/02 19:08:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT

[2012/12/06 09:42:10 | 000,014,161 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2012/05/28 18:26:32 | 000,019,507 | ---- | C] () -- C:\Windows\prodsett_copy.ini

[2012/05/27 08:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat

[2012/02/14 19:56:50 | 000,173,109 | ---- | C] () -- C:\Windows\hpoins46.dat

[2011/12/15 21:38:40 | 000,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/11/12 16:12:36 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS

[2011/09/30 04:52:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/09/29 07:08:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011/09/27 16:41:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2011/05/11 10:52:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/24 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft

[2011/11/08 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Blio

[2011/09/27 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DigitalPersona

[2012/05/29 08:05:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\F-Secure

[2011/10/02 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Flood Light Games

[2013/01/15 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GlarySoft

[2011/11/07 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\iolo

[2011/10/13 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Magic Academy 2

[2013/03/15 13:10:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MusicNet

[2013/02/02 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nikon

[2012/08/24 23:57:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ooVoo Details

[2012/12/17 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org

[2012/01/11 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips

[2012/01/11 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips-Songbird

[2013/04/12 09:42:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SoftGrid Client

[2012/04/29 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SumatraPDF

[2012/10/03 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TechWizard

[2013/03/06 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TFP

[2011/11/17 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Thunderbird

[2011/09/27 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TP

[2011/12/23 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Visan

[2012/07/28 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangent

[2011/10/10 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1001

[2011/10/10 05:51:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1002

[2011/10/06 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Extras.txt:

OTL Extras logfile created on: 4/14/2013 8:58:05 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free

3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS

Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HOME-HP | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F760C23-0A9B-4C09-BB2A-3ED158543D34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{215DCA5E-1152-40BF-82EE-EEEC7ADFA709}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{227897B4-DBEC-48B9-A5B6-2A05F5E0A896}" = lport=2869 | protocol=6 | dir=in | app=system |

"{242AEB9A-F277-41B2-B083-EE584D05F213}" = lport=139 | protocol=6 | dir=in | app=system |

"{25364621-D9C2-4B77-8486-711977A28893}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{323F4D31-9E7F-4AB1-B0E4-9AD90C4878D2}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |

"{34B568CC-AE4B-4A74-BB45-907893688F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{392BF4DE-5BD3-4F2E-8FBF-AC61F3B3ADFB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3BDCA200-7A87-4A80-95D9-1DF5E4626AD5}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |

"{405C98C3-3223-432C-92B7-3C2F8C52E5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{461A73A7-DD3D-4228-8115-C74BD194C4D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4E150A51-DEE2-4FCB-BA16-FC499FA0CEFB}" = rport=138 | protocol=17 | dir=out | app=system |

"{54F8C631-9E0A-48D5-A656-6BFA96BF55CB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{56890CE3-824C-40B4-8CD9-F90E50245B7F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{58AFCE0D-F192-433A-B017-3F2CE704D3BF}" = lport=445 | protocol=6 | dir=in | app=system |

"{58EDE509-73F6-4898-85FE-1BEAD330B2C6}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{5A492BF7-D735-4A84-BF1F-141136DAC2A8}" = rport=445 | protocol=6 | dir=out | app=system |

"{630892A4-DFE2-462E-A504-E544038A2D1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6615A7EA-DA90-4CDA-9763-E5F5C09DEC3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{74AB533E-FF4E-4A0F-ACD6-8D2EEABA70C2}" = lport=137 | protocol=17 | dir=in | app=system |

"{7628607A-37FE-40FF-9D67-8C228C712C7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A5F0866D-D89C-434B-A8DD-348BCAE58326}" = rport=137 | protocol=17 | dir=out | app=system |

"{A8A3346E-D61F-4881-B0AA-4D8E93045E62}" = rport=139 | protocol=6 | dir=out | app=system |

"{BC23D38E-FEAF-47C6-A358-D8C44909EAFD}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

"{BDF99C38-2A56-42CD-835A-663D7CBECFED}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C93DF7C1-51DC-4E9F-89BE-71A7BD8B75D6}" = lport=138 | protocol=17 | dir=in | app=system |

"{C9EE2EBE-297C-4337-9FC5-7B9E9E74F439}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |

"{DA585A4B-0FAC-4634-949D-58E491FDE41A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{ED7D6AC2-B481-48A4-96A3-0AB0F82FBB31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F060C97A-6E63-48C0-AA0B-8F3A20F3A1DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F16D9407-1765-4B80-92CF-312CE895A693}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FA0E3876-8735-4C7F-9EDF-E9B8373EBE67}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{155C2EF7-BA64-4301-8D95-2CE2BAF184F6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{1F2AC206-56C3-4DF9-82B4-B7E9CAF37C79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1F3A4062-DBD7-4A37-A581-D7030BDB502F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{277349AF-5E88-4283-8685-ACCEE0784A54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{2849BAF4-B02A-4A67-BE02-5AEA01B47A5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{2B4CBCA3-2342-4CFA-86AA-7931C0680E75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3A464BB0-BF11-4EB5-A72C-87C113EA034A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{43AA96D6-E6DF-40BE-AC1A-7ECD3B2B6355}" = protocol=6 | dir=out | app=system |

"{44AD00E8-5B8A-484C-A65C-5013D492C097}" = dir=in | app=c:\program files\hp\digital imaging\{dbc1de57-b55a-4d57-9769-1db9be506af7}\setup\hpznui01.exe |

"{4916D4CD-C149-4E92-8A25-E01B6B0CA028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{556D602B-0EF4-4D0C-B3F3-7BCBCD98915B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5E79FE74-E785-45A0-AF14-6F22401302DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{76BB417D-95D0-40CA-9C77-E515AF625FFE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7CD0523B-9D18-443D-A558-A4403B671C91}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{8F19634E-A07D-46F2-BE1E-562A31567FE9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9AFE7B63-6D07-4ECB-8628-5989527D30F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A06CC4A2-BECF-4DE5-9284-C4BE61A0F2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AC9735B0-5F97-4084-8503-36E04D532F50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{B2BD4A30-FD2F-48BA-9356-8D18553F0B90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{B91AEAA7-ECB6-4FA2-ADCE-DACF14CF0103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{BF68DF48-3744-4474-B43C-270562BA3982}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{C3956D0C-6366-4835-BC94-836E48382CF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{CCC7233B-89B0-4442-88C2-6C67BAFB4D68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{D27F6EC2-0D4C-4BF9-910C-9BE47C0624B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{E16165C2-D084-41CA-A2A7-AC7D65626759}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E44ADD84-C6EA-4886-8299-51C788C09343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{E99EAAED-57CD-491D-A6C6-618FFEFF5AFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{ED9D1918-23AA-474A-8E98-19CDB846DCD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F6860AE0-AF69-4B5C-BFE7-085FBDA530FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F84719AE-9287-4F69-B34A-B8D06F370E8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"TCP Query User{034D29E4-C089-4101-BC02-5980A26F0188}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"TCP Query User{13EC4BAC-7F08-4DDB-90FB-87A6E9FE96A5}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe |

"TCP Query User{A7D124DF-4E08-45BE-B5D9-85766F81D582}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{D5D4231B-0548-437D-AB45-DB04D01144B0}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"UDP Query User{13E95C19-AAB1-44B9-AD31-29BC383C56FF}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe |

"UDP Query User{74297CF3-CE34-4525-8A68-0A089C236C01}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"UDP Query User{B9725560-9690-4F40-8B71-66C02A8779F3}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"UDP Query User{F4A84577-6178-48A6-B5CF-FACDF821306B}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BA6A83-C7A7-4F85-88F1-150142305229}" = HP Setup

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B7ED668-BACF-F980-455F-7CDBA927DC66}" = CCC Help Thai

"{121A4F64-BCA4-B173-6E82-BF2E5D7FC645}" = WMV9/VC-1 Video Playback

"{12E6F67A-923C-D5A4-29F3-0A399501FEF7}" = CCC Help Russian

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{170202F8-6B51-64B8-F625-34A9A85CBD9F}" = Catalyst Control Center Localization All

"{187A2434-7967-B82C-CBC3-80E93F6892DF}" = CCC Help Japanese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21E26835-81B8-318F-5862-6CC664EF0E7B}" = ccc-core-static

"{22B40D6A-4F41-4AA5-934B-41796A9DFCC3}" = HP ProtectTools Security Manager

"{2591AA1D-C126-92C3-8440-353B8B098496}" = CCC Help Greek

"{26641020-BFB8-38FB-6843-6B150B2B67F7}" = CCC Help Italian

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A4C7475-308B-5E13-A251-7BDDF80CB177}" = CCC Help Chinese Standard

"{4DC384B3-E425-EA76-79FC-AB6D98BCFECC}" = CCC Help Polish

"{5104636C-6F7E-D1CC-2A3E-EEDFCA5612DC}" = Catalyst Control Center Graphics Previews Common

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8

"{6A563C2A-CADE-3B64-5BC6-6838D6133642}" = Catalyst Control Center Profiles Mobile

"{6B67F63F-D5A0-444B-BD33-17FAB928909C}" = Catalyst Control Center - Branding

"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools

"{6DFF9444-9007-466A-9783-6E7D6749C97B}" = Verizon Download Manager

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BCBD5C3-3D85-6F98-C9DA-4852A58BB58D}" = CCC Help Danish

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader

"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9830833E-1E3D-60DC-8C96-826E30833BB9}" = CCC Help Chinese Traditional

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B831BBC-F6FE-F529-AC77-2B2FA15F69B4}" = Catalyst Control Center InstallProxy

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A8930F7C-9D88-5CE4-3C71-879BC60A150D}" = CCC Help Czech

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AE33E61E-1965-AA52-653B-A17633500A5F}" = CCC Help French

"{AEDA8713-5521-4600-9AC2-81674A9EDC4F}" = Blio

"{B2ADD2FF-956E-2D1A-7B02-0F1697D649FE}" = CCC Help Dutch

"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD

"{B4A29707-5057-94AC-C1C2-44ADA35CC9A0}" = CCC Help Finnish

"{B50B4461-342A-CB25-B788-D0BCD6A5FD49}" = ccc-utility

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions

"{C08EBCB0-1536-4160-95F5-99CF528E7628}" = CCC Help Korean

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C6392BA0-B2C5-FB7C-E182-5CE8E3A934ED}" = AMD Fuel

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CD89053A-F34D-21E7-42DB-D62B63420DFD}" = CCC Help Swedish

"{CD898250-2079-0CD9-756B-C9D0D3EDCF06}" = CCC Help Norwegian

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D700FC83-6DE5-73BB-8DFF-23829E3A093B}" = CCC Help Spanish

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA776DAB-D3E1-5B46-BF39-A33748BEE903}" = CCC Help Portuguese

"{DB34DFEE-FB6F-3AFF-EC2F-FD7ACC3F4BB6}" = CCC Help English

"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1F81DDD-3860-DC3D-A4C0-6677FB5F60DD}" = CCC Help German

"{F21B328D-BD52-54AE-8976-313C4BD0B115}" = CCC Help Hungarian

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FA77C376-6C00-C500-16CC-7F069F651ED2}" = ATI Catalyst Install Manager

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"CCleaner" = CCleaner

"FileASSASSIN" = FileASSASSIN

"Glary Utilities_is1" = Glary Utilities 2.53.0.1726

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Keyboard_is1" = HP Desktop Keyboard

"HP Photo Creations" = HP Photo Creations

"HP Remote Solution" = HP Remote Solution

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPProtectTools" = HP ProtectTools Security Manager

"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Shop for HP Supplies" = Shop for HP Supplies

"SumatraPDF" = SumatraPDF

"WildTangent hp Master Uninstall" = HP Games

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087360" = Escape Rosecliff Island

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/29/2013 12:33:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 3/31/2013 1:45:19 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/1/2013 7:27:16 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/2/2013 12:31:19 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/3/2013 7:12:51 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/4/2013 7:12:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/4/2013 11:26:57 AM | Computer Name = Home-HP | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation

was canceled. You canceled the Security Essentials installation on your computer.

Error code:0x8004FF0A.

Error - 4/5/2013 7:25:21 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/6/2013 12:54:36 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/8/2013 8:03:07 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]

Error - 1/6/2012 11:07:17 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:07:17 AM - Error connecting to the internet. 10:07:17 AM - Unable

to contact server..

Error - 1/6/2012 11:07:53 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:07:46 AM - Error connecting to the internet. 10:07:46 AM - Unable

to contact server..

Error - 3/9/2012 11:01:51 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:01:51 AM - Failed to retrieve Directory (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 3/9/2012 11:03:12 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:03:12 AM - Failed to retrieve NetTV (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:03:12 AM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:03:13 AM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:03:13 AM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 10:03:14 AM - Failed to retrieve Broadband (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 3/9/2012 12:57:38 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 11:57:38 AM - Error connecting to the internet. 11:57:38 AM - Unable

to contact server..

Error - 3/9/2012 12:58:09 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0

Description = 11:58:07 AM - Error connecting to the internet. 11:58:07 AM - Unable

to contact server..

[ System Events ]

Error - 4/14/2013 1:55:40 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected.

Error - 4/14/2013 1:55:41 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001

Description =

Error - 4/14/2013 1:55:47 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001

Description = The AMD FUEL Service service depends on the AMD Reservation Manager

service which failed to start because of the following error: %%1058

Error - 4/14/2013 1:56:56 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

Error - 4/14/2013 1:57:26 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016

Description =

Error - 4/14/2013 8:09:32 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008

Description = The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected.

Error - 4/14/2013 8:09:33 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001

Description =

Error - 4/14/2013 8:09:37 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001

Description = The AMD FUEL Service service depends on the AMD Reservation Manager

service which failed to start because of the following error: %%1058

Error - 4/14/2013 8:10:44 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

Error - 4/14/2013 8:11:13 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016

Description =

< End of report >

Sounds like it has something to do with this driver:

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)

Error - 4/14/2013 8:10:44 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
