Jump to content

amccoy37

Members
  • Posts

    20
  • Joined

  • Last visited

Reputation

0 Neutral
  1. OTL.txt: OTL logfile created on: 4/14/2013 8:58:05 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free 3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS Computer Name: HOME-HP | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010/02/11 13:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE PRC - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe PRC - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe PRC - [2009/05/08 19:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe PRC - [2009/05/08 19:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe ========== Modules (No Company Name) ========== MOD - [2013/03/30 21:56:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll MOD - [2013/03/30 21:52:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013/03/28 20:54:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/03/28 20:53:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/03/28 20:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/03/28 20:53:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013/03/28 20:52:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/03/28 20:52:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/03/28 20:52:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013/03/28 20:51:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/03/28 20:50:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/03/28 20:50:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/03/28 20:50:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/03/28 20:50:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010/11/10 18:39:38 | 000,096,256 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2010/11/10 18:38:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/04/12 19:59:12 | 000,098,304 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe MOD - [2009/02/19 20:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ========== Services (SafeList) ========== SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter) SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/29 06:10:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/11/10 18:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/06/17 08:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2009/12/07 14:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK) SRV - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\drivers\WTSrv.exe -- (WinTabService) SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Home\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/03/31 18:32:04 | 000,070,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata) DRV - [2013/03/31 18:32:04 | 000,034,984 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata) DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL) DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/11/16 19:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2010/11/11 02:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/11/11 02:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) DRV - [2010/11/11 02:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010/11/11 02:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010/04/29 06:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010/02/18 12:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009/10/21 16:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2008/07/31 07:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort) DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus) DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid) DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k) DRV - [2007/04/23 11:28:56 | 000,017,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tablet2k.sys -- (Tablet2k) DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/ IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{962C963C-B71E-49E0-8680-9EA440A6D1F2}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=a3d06eba-58a0-43cf-b6cc-792d0bd7b799&apn_sauid=9ABFF5C1-B8A4-47E0-ACBB-3256A088FA25 IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/11 10:10:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M] [2012/05/21 18:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions [2012/01/11 21:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com ========== Chrome ========== CHR - default_search_provider: Startpage HTTPS (Enabled) CHR - default_search_provider: search_url = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english CHR - default_search_provider: suggest_url = CHR - homepage: https://startpage.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll O1 HOSTS File: ([2013/04/12 10:23:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [bATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver) O4 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D095447F-D777-402B-ADAA-CFC0048F4851}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/14 20:56:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013/04/14 20:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon [2013/04/14 20:16:49 | 000,760,335 | ---- | C] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe [2013/04/13 10:32:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/13 10:18:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/13 10:18:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/13 10:18:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/13 10:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/13 10:15:05 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2013/04/13 09:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/04/13 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/04/12 13:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013/04/12 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/04/12 08:18:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar-1.01.0.1022 [2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN [2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN [2013/04/11 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\mbar-1.01.0.1022 [2013/04/04 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\WalgreensPics [2013/03/28 21:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/03/28 19:01:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013/03/27 20:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/03/22 17:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/03/22 10:58:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Youtubemusic [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/14 21:00:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job [2013/04/14 20:59:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013/04/14 20:41:32 | 000,256,290 | ---- | M] () -- C:\Users\Home\Desktop\services.png [2013/04/14 20:40:18 | 000,320,356 | ---- | M] () -- C:\Users\Home\Desktop\Untitled.png [2013/04/14 20:20:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/14 20:16:51 | 000,760,335 | ---- | M] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe [2013/04/14 20:13:54 | 000,664,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/04/14 20:13:54 | 000,123,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/04/14 20:09:54 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/14 20:09:53 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/04/14 20:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/14 20:09:23 | 1298,042,880 | -HS- | M] () -- C:\hiberfil.sys [2013/04/14 15:48:33 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHOME-HP$.job [2013/04/13 10:15:26 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2013/04/13 09:29:07 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 13:15:06 | 000,306,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/04/12 13:06:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/04/12 12:00:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job [2013/04/12 11:14:41 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/12 10:23:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/04/12 08:18:25 | 012,894,739 | ---- | M] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip [2013/04/11 17:01:39 | 000,002,366 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk [2013/04/11 15:13:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk [2013/04/11 15:02:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/08 13:10:15 | 000,017,934 | ---- | M] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt [2013/04/04 23:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/04/02 13:19:50 | 000,297,653 | ---- | M] () -- C:\Users\Home\Desktop\0402131225.jpg [2013/04/02 13:18:11 | 000,442,186 | ---- | M] () -- C:\Users\Home\Desktop\0402131231.jpg [2013/04/02 13:17:00 | 000,350,159 | ---- | M] () -- C:\Users\Home\Desktop\0402131227.jpg [2013/03/28 20:48:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013/03/28 19:15:10 | 000,001,142 | ---- | M] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk [2013/03/28 18:55:30 | 150,290,076 | ---- | M] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu [2013/03/26 21:10:06 | 000,002,819 | ---- | M] () -- C:\Users\Home\Desktop\The history teacher.rtf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/14 20:41:32 | 000,256,290 | ---- | C] () -- C:\Users\Home\Desktop\services.png [2013/04/14 20:40:18 | 000,320,356 | ---- | C] () -- C:\Users\Home\Desktop\Untitled.png [2013/04/13 10:18:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/13 10:18:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/13 10:18:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/13 10:18:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/13 10:18:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/13 09:29:07 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 13:02:51 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/04/12 11:14:24 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/04/12 08:17:53 | 012,894,739 | ---- | C] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip [2013/04/11 15:13:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk [2013/04/08 13:10:13 | 000,017,934 | ---- | C] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt [2013/04/04 23:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013/04/04 11:26:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/04/02 13:19:50 | 000,297,653 | ---- | C] () -- C:\Users\Home\Desktop\0402131225.jpg [2013/04/02 13:18:10 | 000,442,186 | ---- | C] () -- C:\Users\Home\Desktop\0402131231.jpg [2013/04/02 13:16:55 | 000,350,159 | ---- | C] () -- C:\Users\Home\Desktop\0402131227.jpg [2013/03/28 20:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013/03/28 20:05:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/03/28 20:05:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/03/28 18:53:49 | 150,290,076 | ---- | C] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu [2013/03/27 20:32:24 | 000,001,142 | ---- | C] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk [2013/03/26 21:10:05 | 000,002,819 | ---- | C] () -- C:\Users\Home\Desktop\The history teacher.rtf [2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual [2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\howto [2013/02/02 19:08:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT [2012/12/06 09:42:10 | 000,014,161 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2012/05/28 18:26:32 | 000,019,507 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2012/05/27 08:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat [2012/02/14 19:56:50 | 000,173,109 | ---- | C] () -- C:\Windows\hpoins46.dat [2011/12/15 21:38:40 | 000,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/11/12 16:12:36 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS [2011/09/30 04:52:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/09/29 07:08:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/09/27 16:41:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll [2011/05/11 10:52:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/12/24 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft [2011/11/08 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Blio [2011/09/27 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DigitalPersona [2012/05/29 08:05:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\F-Secure [2011/10/02 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Flood Light Games [2013/01/15 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GlarySoft [2011/11/07 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\iolo [2011/10/13 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Magic Academy 2 [2013/03/15 13:10:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MusicNet [2013/02/02 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nikon [2012/08/24 23:57:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ooVoo Details [2012/12/17 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org [2012/01/11 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips [2012/01/11 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips-Songbird [2013/04/12 09:42:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SoftGrid Client [2012/04/29 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SumatraPDF [2012/10/03 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TechWizard [2013/03/06 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TFP [2011/11/17 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Thunderbird [2011/09/27 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TP [2011/12/23 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Visan [2012/07/28 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangent [2011/10/10 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1001 [2011/10/10 05:51:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1002 [2011/10/06 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34 < End of report > Extras.txt: OTL Extras logfile created on: 4/14/2013 8:58:05 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free 3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS Computer Name: HOME-HP | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F760C23-0A9B-4C09-BB2A-3ED158543D34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{215DCA5E-1152-40BF-82EE-EEEC7ADFA709}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{227897B4-DBEC-48B9-A5B6-2A05F5E0A896}" = lport=2869 | protocol=6 | dir=in | app=system | "{242AEB9A-F277-41B2-B083-EE584D05F213}" = lport=139 | protocol=6 | dir=in | app=system | "{25364621-D9C2-4B77-8486-711977A28893}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{323F4D31-9E7F-4AB1-B0E4-9AD90C4878D2}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | "{34B568CC-AE4B-4A74-BB45-907893688F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{392BF4DE-5BD3-4F2E-8FBF-AC61F3B3ADFB}" = lport=10243 | protocol=6 | dir=in | app=system | "{3BDCA200-7A87-4A80-95D9-1DF5E4626AD5}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | "{405C98C3-3223-432C-92B7-3C2F8C52E5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{461A73A7-DD3D-4228-8115-C74BD194C4D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E150A51-DEE2-4FCB-BA16-FC499FA0CEFB}" = rport=138 | protocol=17 | dir=out | app=system | "{54F8C631-9E0A-48D5-A656-6BFA96BF55CB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{56890CE3-824C-40B4-8CD9-F90E50245B7F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | "{58AFCE0D-F192-433A-B017-3F2CE704D3BF}" = lport=445 | protocol=6 | dir=in | app=system | "{58EDE509-73F6-4898-85FE-1BEAD330B2C6}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | "{5A492BF7-D735-4A84-BF1F-141136DAC2A8}" = rport=445 | protocol=6 | dir=out | app=system | "{630892A4-DFE2-462E-A504-E544038A2D1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6615A7EA-DA90-4CDA-9763-E5F5C09DEC3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74AB533E-FF4E-4A0F-ACD6-8D2EEABA70C2}" = lport=137 | protocol=17 | dir=in | app=system | "{7628607A-37FE-40FF-9D67-8C228C712C7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A5F0866D-D89C-434B-A8DD-348BCAE58326}" = rport=137 | protocol=17 | dir=out | app=system | "{A8A3346E-D61F-4881-B0AA-4D8E93045E62}" = rport=139 | protocol=6 | dir=out | app=system | "{BC23D38E-FEAF-47C6-A358-D8C44909EAFD}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | "{BDF99C38-2A56-42CD-835A-663D7CBECFED}" = rport=10243 | protocol=6 | dir=out | app=system | "{C93DF7C1-51DC-4E9F-89BE-71A7BD8B75D6}" = lport=138 | protocol=17 | dir=in | app=system | "{C9EE2EBE-297C-4337-9FC5-7B9E9E74F439}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | "{DA585A4B-0FAC-4634-949D-58E491FDE41A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{ED7D6AC2-B481-48A4-96A3-0AB0F82FBB31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F060C97A-6E63-48C0-AA0B-8F3A20F3A1DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F16D9407-1765-4B80-92CF-312CE895A693}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FA0E3876-8735-4C7F-9EDF-E9B8373EBE67}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{155C2EF7-BA64-4301-8D95-2CE2BAF184F6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{1F2AC206-56C3-4DF9-82B4-B7E9CAF37C79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F3A4062-DBD7-4A37-A581-D7030BDB502F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{277349AF-5E88-4283-8685-ACCEE0784A54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{2849BAF4-B02A-4A67-BE02-5AEA01B47A5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{2B4CBCA3-2342-4CFA-86AA-7931C0680E75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A464BB0-BF11-4EB5-A72C-87C113EA034A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{43AA96D6-E6DF-40BE-AC1A-7ECD3B2B6355}" = protocol=6 | dir=out | app=system | "{44AD00E8-5B8A-484C-A65C-5013D492C097}" = dir=in | app=c:\program files\hp\digital imaging\{dbc1de57-b55a-4d57-9769-1db9be506af7}\setup\hpznui01.exe | "{4916D4CD-C149-4E92-8A25-E01B6B0CA028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{556D602B-0EF4-4D0C-B3F3-7BCBCD98915B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E79FE74-E785-45A0-AF14-6F22401302DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{76BB417D-95D0-40CA-9C77-E515AF625FFE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7CD0523B-9D18-443D-A558-A4403B671C91}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{8F19634E-A07D-46F2-BE1E-562A31567FE9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9AFE7B63-6D07-4ECB-8628-5989527D30F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A06CC4A2-BECF-4DE5-9284-C4BE61A0F2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AC9735B0-5F97-4084-8503-36E04D532F50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{B2BD4A30-FD2F-48BA-9356-8D18553F0B90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{B91AEAA7-ECB6-4FA2-ADCE-DACF14CF0103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{BF68DF48-3744-4474-B43C-270562BA3982}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{C3956D0C-6366-4835-BC94-836E48382CF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CCC7233B-89B0-4442-88C2-6C67BAFB4D68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{D27F6EC2-0D4C-4BF9-910C-9BE47C0624B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{E16165C2-D084-41CA-A2A7-AC7D65626759}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E44ADD84-C6EA-4886-8299-51C788C09343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{E99EAAED-57CD-491D-A6C6-618FFEFF5AFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ED9D1918-23AA-474A-8E98-19CDB846DCD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6860AE0-AF69-4B5C-BFE7-085FBDA530FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F84719AE-9287-4F69-B34A-B8D06F370E8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "TCP Query User{034D29E4-C089-4101-BC02-5980A26F0188}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{13EC4BAC-7F08-4DDB-90FB-87A6E9FE96A5}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe | "TCP Query User{A7D124DF-4E08-45BE-B5D9-85766F81D582}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{D5D4231B-0548-437D-AB45-DB04D01144B0}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{13E95C19-AAB1-44B9-AD31-29BC383C56FF}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe | "UDP Query User{74297CF3-CE34-4525-8A68-0A089C236C01}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{B9725560-9690-4F40-8B71-66C02A8779F3}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{F4A84577-6178-48A6-B5CF-FACDF821306B}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BA6A83-C7A7-4F85-88F1-150142305229}" = HP Setup "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B7ED668-BACF-F980-455F-7CDBA927DC66}" = CCC Help Thai "{121A4F64-BCA4-B173-6E82-BF2E5D7FC645}" = WMV9/VC-1 Video Playback "{12E6F67A-923C-D5A4-29F3-0A399501FEF7}" = CCC Help Russian "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{170202F8-6B51-64B8-F625-34A9A85CBD9F}" = Catalyst Control Center Localization All "{187A2434-7967-B82C-CBC3-80E93F6892DF}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21E26835-81B8-318F-5862-6CC664EF0E7B}" = ccc-core-static "{22B40D6A-4F41-4AA5-934B-41796A9DFCC3}" = HP ProtectTools Security Manager "{2591AA1D-C126-92C3-8440-353B8B098496}" = CCC Help Greek "{26641020-BFB8-38FB-6843-6B150B2B67F7}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4C7475-308B-5E13-A251-7BDDF80CB177}" = CCC Help Chinese Standard "{4DC384B3-E425-EA76-79FC-AB6D98BCFECC}" = CCC Help Polish "{5104636C-6F7E-D1CC-2A3E-EEDFCA5612DC}" = Catalyst Control Center Graphics Previews Common "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{6A563C2A-CADE-3B64-5BC6-6838D6133642}" = Catalyst Control Center Profiles Mobile "{6B67F63F-D5A0-444B-BD33-17FAB928909C}" = Catalyst Control Center - Branding "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools "{6DFF9444-9007-466A-9783-6E7D6749C97B}" = Verizon Download Manager "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BCBD5C3-3D85-6F98-C9DA-4852A58BB58D}" = CCC Help Danish "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader "{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9830833E-1E3D-60DC-8C96-826E30833BB9}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B831BBC-F6FE-F529-AC77-2B2FA15F69B4}" = Catalyst Control Center InstallProxy "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8930F7C-9D88-5CE4-3C71-879BC60A150D}" = CCC Help Czech "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AE33E61E-1965-AA52-653B-A17633500A5F}" = CCC Help French "{AEDA8713-5521-4600-9AC2-81674A9EDC4F}" = Blio "{B2ADD2FF-956E-2D1A-7B02-0F1697D649FE}" = CCC Help Dutch "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD "{B4A29707-5057-94AC-C1C2-44ADA35CC9A0}" = CCC Help Finnish "{B50B4461-342A-CB25-B788-D0BCD6A5FD49}" = ccc-utility "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions "{C08EBCB0-1536-4160-95F5-99CF528E7628}" = CCC Help Korean "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C6392BA0-B2C5-FB7C-E182-5CE8E3A934ED}" = AMD Fuel "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CD89053A-F34D-21E7-42DB-D62B63420DFD}" = CCC Help Swedish "{CD898250-2079-0CD9-756B-C9D0D3EDCF06}" = CCC Help Norwegian "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D700FC83-6DE5-73BB-8DFF-23829E3A093B}" = CCC Help Spanish "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA776DAB-D3E1-5B46-BF39-A33748BEE903}" = CCC Help Portuguese "{DB34DFEE-FB6F-3AFF-EC2F-FD7ACC3F4BB6}" = CCC Help English "{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1F81DDD-3860-DC3D-A4C0-6677FB5F60DD}" = CCC Help German "{F21B328D-BD52-54AE-8976-313C4BD0B115}" = CCC Help Hungarian "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FA77C376-6C00-C500-16CC-7F069F651ED2}" = ATI Catalyst Install Manager "Adobe AIR" = Adobe AIR "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "FileASSASSIN" = FileASSASSIN "Glary Utilities_is1" = Glary Utilities 2.53.0.1726 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Keyboard_is1" = HP Desktop Keyboard "HP Photo Creations" = HP Photo Creations "HP Remote Solution" = HP Remote Solution "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPProtectTools" = HP ProtectTools Security Manager "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Shop for HP Supplies" = Shop for HP Supplies "SumatraPDF" = SumatraPDF "WildTangent hp Master Uninstall" = HP Games "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087360" = Escape Rosecliff Island "WT087362" = Final Drive Nitro "WT087372" = Heroes of Hellas 2 - Olympia "WT087379" = Jewel Quest Solitaire 2 "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087414" = Virtual Families "WT087415" = Wheel of Fortune 2 "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087501" = Plants vs. Zombies "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089328" = Farm Frenzy "WT089359" = Cake Mania ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/29/2013 12:33:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 3/31/2013 1:45:19 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/1/2013 7:27:16 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/2/2013 12:31:19 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/3/2013 7:12:51 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/4/2013 7:12:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/4/2013 11:26:57 AM | Computer Name = Home-HP | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error - 4/5/2013 7:25:21 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/6/2013 12:54:36 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 4/8/2013 8:03:07 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. [ Media Center Events ] Error - 1/6/2012 11:07:17 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:07:17 AM - Error connecting to the internet. 10:07:17 AM - Unable to contact server.. Error - 1/6/2012 11:07:53 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:07:46 AM - Error connecting to the internet. 10:07:46 AM - Unable to contact server.. Error - 3/9/2012 11:01:51 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:01:51 AM - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 11:03:12 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:03:12 AM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:03:12 AM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:03:13 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:03:13 AM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 10:03:14 AM - Failed to retrieve Broadband (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 3/9/2012 12:57:38 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 11:57:38 AM - Error connecting to the internet. 11:57:38 AM - Unable to contact server.. Error - 3/9/2012 12:58:09 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0 Description = 11:58:07 AM - Error connecting to the internet. 11:58:07 AM - Unable to contact server.. [ System Events ] Error - 4/14/2013 1:55:40 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected. Error - 4/14/2013 1:55:41 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001 Description = Error - 4/14/2013 1:55:47 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001 Description = The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error: %%1058 Error - 4/14/2013 1:56:56 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 4/14/2013 1:57:26 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016 Description = Error - 4/14/2013 8:09:32 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected. Error - 4/14/2013 8:09:33 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001 Description = Error - 4/14/2013 8:09:37 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001 Description = The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error: %%1058 Error - 4/14/2013 8:10:44 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 4/14/2013 8:11:13 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016 Description = < End of report >
  2. I can't find that service. I followed the direction to find it in services and also followed the path you listed above to look directly in the drivers file to be sure but I can't find it. I'm attaching a screen shot of where I'm looking so you can confirm I've gone to the right place.
  3. I have the restore point that Combofix created before it ran Friday at 12:30. That's the earliest one. Following is the MiniToolBox result: MiniToolBox by Farbar Version:05-03-2013 Ran by Home (administrator) on 14-04-2013 at 20:18:08 Running from "C:\Users\Home\Desktop" Windows 7 Professional Service Pack 1 (X86) Boot Mode: Normal *************************************************************************** ========================= Event log errors: =============================== Application errors: ================== Error: (04/14/2013 04:52:06 PM) (Source: Application Error) (User: ) Description: Faulting application name: WINWORDC.EXE, version: 14.0.6129.5000, time stamp: 0x5082ffdf Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000c0 Faulting process id: 0x1004 Faulting application start time: 0xWINWORDC.EXE0 Faulting application path: WINWORDC.EXE1 Faulting module path: WINWORDC.EXE2 Report Id: WINWORDC.EXE3 Error: (04/14/2013 08:56:02 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller) (User: Home-HP) Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation. Error: (04/13/2013 10:04:33 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/12/2013 00:32:12 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/11/2013 03:04:24 PM) (Source: Application Hang) (User: ) Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c58 Start Time: 01ce36e732b13bba Termination Time: 17 Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Report Id: 9a3c6046-a2da-11e2-8f95-ae79233c1299 Error: (04/10/2013 07:09:28 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/09/2013 07:52:15 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/09/2013 07:13:46 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/08/2013 08:03:07 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. System errors: ============= Error: (04/14/2013 08:11:13 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/14/2013 08:10:44 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (04/14/2013 08:09:37 PM) (Source: Service Control Manager) (User: ) Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error: %%1058 Error: (04/14/2013 08:09:33 PM) (Source: BugCheck) (User: ) Description: 0x0000007a (0xc0448998, 0xc000009d, 0x56336be0, 0x89133000)C:\Windows\Minidump\041413-16848-01.dmp041413-16848-01 Error: (04/14/2013 08:09:32 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected. Error: (04/14/2013 01:57:26 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/14/2013 01:56:56 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (04/14/2013 01:55:47 PM) (Source: Service Control Manager) (User: ) Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error: %%1058 Error: (04/14/2013 01:55:41 PM) (Source: BugCheck) (User: ) Description: 0x0000007a (0xc04186c0, 0xc000009d, 0x5233c860, 0x830d841e)C:\Windows\Minidump\041413-14976-01.dmp041413-14976-01 Error: (04/14/2013 01:55:40 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected. Microsoft Office Sessions: ========================= Error: (04/14/2013 04:52:06 PM) (Source: Application Error)(User: ) Description: WINWORDC.EXE14.0.6129.50005082ffdfunknown0.0.0.000000000c0000005000000c0100401ce3951c084f09eQ:\140066.enu\Office14\WINWORDC.EXEunknown2a692926-a545-11e2-915a-cc710b93c79a Error: (04/14/2013 08:56:02 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller)(User: Home-HP) Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/13/2013 10:04:33 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/12/2013 00:32:12 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/11/2013 03:04:24 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.1c5801ce36e732b13bba17C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe9a3c6046-a2da-11e2-8f95-ae79233c1299 Error: (04/10/2013 07:09:28 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/09/2013 07:52:15 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/09/2013 07:13:46 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/08/2013 08:03:07 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 ========================= Minidump Files ================================== No minidump file found **** End of log ****
  4. Good afternoon! I've done that and am still having the problem.
  5. No, it's still doing it. It started the first time it went to sleep yesterday, which was about 3 hours after the last time I posted. I ran the programs you directed me to, updated Windows and then installed Cookienator and SpywareBlaster.
  6. Ok, here is Combofix.txt for your review. I have to go be the snacktable lady for tiny football players for a few hours but I'll check back in as soon as I get home. Thanks again for all your help! ComboFix 13-04-12.02 - Home 04/13/2013 10:20:51.6.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1651.849 [GMT -4:00] Running from: c:\users\Home\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 14:30 . 2013-04-13 14:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-13 14:30 . 2013-04-13 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-13 13:29 . 2013-04-13 13:29 -------- d-----w- c:\program files\CCleaner 2013-04-12 17:38 . 2013-04-12 17:38 -------- d-----w- c:\program files\Cookienator 2013-04-12 17:32 . 2013-04-12 17:32 -------- d-----w- c:\programdata\Licenses 2013-04-12 17:32 . 2009-03-24 16:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2013-04-12 17:32 . 2013-04-12 17:34 -------- d-----w- c:\program files\SpywareBlaster 2013-04-12 17:31 . 2013-04-12 17:31 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8EBF5E4-42BD-41C8-9BA8-F79A7D86B949}\offreg.dll 2013-04-12 17:06 . 2012-10-23 11:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-12 17:06 . 2012-10-23 11:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D7CEC09-96BF-4FC9-ABA8-B907FC3F2F43}\gapaengine.dll 2013-04-12 17:05 . 2013-03-19 09:50 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8EBF5E4-42BD-41C8-9BA8-F79A7D86B949}\mpengine.dll 2013-04-12 16:57 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-12 16:57 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-12 16:57 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-12 16:57 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-12 16:57 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-12 16:57 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-12 16:57 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-12 16:57 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-12 16:57 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-12 16:57 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-12 16:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2013-04-12 16:55 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-12 16:25 . 2013-04-12 16:25 -------- d-----w- c:\program files\Common Files\Java 2013-04-12 16:24 . 2013-04-12 16:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-12 15:14 . 2013-04-12 15:14 98 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-12 08:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE9799AC-6E77-4E1D-A37B-11EEA321F4F9}\mpengine.dll 2013-04-11 19:13 . 2013-04-11 19:13 -------- d-----w- c:\program files\FileASSASSIN 2013-04-05 11:36 . 2013-04-05 11:36 0 ----a-w- c:\windows\system32\sho74B3.tmp 2013-04-04 14:15 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-04-04 14:15 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-04-04 14:15 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-04-04 14:15 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-31 22:32 . 2013-03-31 22:32 70824 ----a-w- c:\windows\system32\drivers\amd_sata.sys 2013-03-31 22:32 . 2013-03-31 22:32 34984 ----a-w- c:\windows\system32\drivers\amd_xata.sys 2013-03-29 01:03 . 2013-04-12 17:02 -------- d-----w- c:\program files\Microsoft Security Client 2013-03-29 00:48 . 2013-03-29 00:48 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-29 00:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2013-03-29 00:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-03-29 00:05 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-03-29 00:05 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-03-29 00:05 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-03-29 00:05 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-03-29 00:05 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-03-29 00:05 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-03-29 00:05 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-03-29 00:05 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-03-29 00:05 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-03-29 00:05 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-03-28 23:57 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll 2013-03-28 23:57 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll 2013-03-28 23:57 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll 2013-03-28 23:57 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2013-03-28 23:57 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2013-03-28 23:57 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll 2013-03-28 23:57 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll 2013-03-28 23:57 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2013-03-28 23:57 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-03-28 23:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll 2013-03-28 23:57 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-28 23:57 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-03-28 23:55 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2013-03-28 23:55 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2013-03-28 23:55 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2013-03-28 23:55 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-03-28 23:55 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2013-03-28 23:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll 2013-03-28 23:55 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll 2013-03-28 23:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-03-28 23:55 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll 2013-03-28 23:55 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-03-28 23:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll 2013-03-28 23:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll 2013-03-28 23:54 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll 2013-03-28 23:48 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-03-28 23:01 . 2013-03-28 23:01 -------- d-----w- c:\windows\CheckSur . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-12 16:23 . 2012-07-19 20:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-12 16:23 . 2011-10-07 12:18 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-04 18:50 . 2012-08-17 14:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-12 05:10 . 2011-11-28 17:20 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-27 19:01 . 2013-02-27 19:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-27 19:01 . 2011-10-18 18:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-12 04:48 . 2013-03-28 23:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-28 23:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-20 19:59 . 2013-01-20 19:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 19:59 . 2013-01-20 19:59 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59"="c:\users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720] "Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920] "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384] "HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] "WTClient"="WTClient.exe" [2007-04-11 40960] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "File Sanitizer"=c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x] R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x] R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.EXE [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [x] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x] S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Contents of the 'Scheduled Tasks' folder . 2013-04-13 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2012-09-04 19:58] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23] . 2013-04-13 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-23 23:19] . 2013-03-15 c:\windows\Tasks\HPCeeScheduleForHOME-HP$.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . ------- Supplementary Scan ------- . uStart Page = https://startpage.com/ TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: NameServer = 208.67.222.222,208.67.220.220 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(560) c:\windows\system32\DPFPApi.DLL . - - - - - - - > 'Explorer.exe'(5972) c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll . Completion time: 2013-04-13 10:33:58 ComboFix-quarantined-files.txt 2013-04-13 14:33 . Pre-Run: 191,681,298,432 bytes free Post-Run: 191,402,717,184 bytes free . - - End Of File - - F4F5C25F13C3598798F6DEBA47E25BAC
  7. Ok, I ran that, then put it to sleep and it's still doing it.
  8. Mr. Charlie, I hate to bug you again but I'm having a problem. Ever since I did all the removals and updating yesterday, every time my computer goes to sleep, I get the blue screen when I wake it up and it shuts itself down. The blue screen goes away too quickly for me to catch the exact error so all I saw was the word 'kernel'. This is what the recovery window says after it restarts: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: 7a BCP1: 00000020 BCP2: C000009D BCP3: 86DA6BDC BCP4: 00000000 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\041313-18985-01.dmp C:\Users\Home\AppData\Local\Temp\WER-65239-0.sysdata.xml Do you know why it would be doing this and what I can do about it? Thanks!
  9. My malware removal couldn't possibly have gone smoother. Clear directions, incredibly prompt responses, A+ professionalism: you couldn't ask for better. I'm forever grateful!

  10. Lovely! I've deleted, updated, added protection from your prevention tips & even figured out how to do OpenDNS, although I admit that took me a few minutes. You're a prince among men and I can't thank you enough. Have a wonderful weekend!
  11. Checkup.txt Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 6 Update 27 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.6.602.171 Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  12. Below are the logs you requested. Things seems to be running more smoothly. If you think I'm in the clear, can you give me a word of advice about prevention? I have Malwarebytes Pro with protection enabled. Is that sufficient and if not, what else would you recommend that I run? I have a couple of teenage daughters who are too silly to be trusted to not let this happen again. AdwCleaner[s1].txt # AdwCleaner v2.200 - Logfile created 04/12/2013 at 11:14:17 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (32 bits) # User : Home - HOME-HP # Boot Mode : Normal # Running from : C:\Users\Home\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Browser Manager Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\Users\Home\AppData\Local\APN Folder Deleted : C:\Users\Home\AppData\Local\PackageAware ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.4664] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ] ************************* AdwCleaner[R1].txt - [2334 octets] - [12/04/2013 11:03:47] AdwCleaner[R2].txt - [2394 octets] - [12/04/2013 11:13:33] AdwCleaner[s1].txt - [2058 octets] - [12/04/2013 11:14:17] ########## EOF - C:\AdwCleaner[s1].txt - [2118 octets] ########## mbam-log-2013-04-12 (11-27-13).txt Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.12.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Home :: HOME-HP [administrator] Protection: Enabled 4/12/2013 11:27:13 AM mbam-log-2013-04-12 (11-27-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 211461 Time elapsed: 7 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. ADWCleaner[R1].txt: # AdwCleaner v2.200 - Logfile created 04/12/2013 at 11:03:47 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (32 bits) # User : Home - HOME-HP # Boot Mode : Normal # Running from : C:\Users\Home\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\WeCareReminder Folder Found : C:\Users\Home\AppData\Local\APN Folder Found : C:\Users\Home\AppData\Local\PackageAware ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS Key Found : HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.4664] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ] ************************* AdwCleaner[R1].txt - [2205 octets] - [12/04/2013 11:03:47] ########## EOF - C:\AdwCleaner[R1].txt - [2265 octets] ##########
  14. Following is my ComboFix log: ComboFix 13-04-12.01 - Home 04/12/2013 10:13:23.5.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1651.817 [GMT -4:00] Running from: c:\users\Home\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Home\Documents\~WRL1460.tmp . . ((((((((((((((((((((((((( Files Created from 2013-03-12 to 2013-04-12 ))))))))))))))))))))))))))))))) . . 2013-04-12 14:23 . 2013-04-12 14:23 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-12 14:23 . 2013-04-12 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-12 08:22 . 2013-04-12 08:22 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE9799AC-6E77-4E1D-A37B-11EEA321F4F9}\offreg.dll 2013-04-12 08:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE9799AC-6E77-4E1D-A37B-11EEA321F4F9}\mpengine.dll 2013-04-11 19:13 . 2013-04-11 19:13 -------- d-----w- c:\program files\FileASSASSIN 2013-04-05 11:36 . 2013-04-05 11:36 0 ----a-w- c:\windows\system32\sho74B3.tmp 2013-04-04 14:15 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-04-04 14:15 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-04-04 14:15 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-04-04 14:15 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-29 01:03 . 2013-03-31 00:31 -------- d-----w- c:\program files\Microsoft Security Client 2013-03-29 00:48 . 2013-03-29 00:48 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-29 00:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2013-03-29 00:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-03-29 00:06 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-29 00:05 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-03-29 00:05 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-03-29 00:05 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-03-29 00:05 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-03-29 00:05 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-03-29 00:05 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-03-29 00:05 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-03-29 00:05 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-03-29 00:05 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-03-29 00:05 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-03-29 00:02 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-29 00:02 . 2013-02-02 04:19 149552 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-03-29 00:02 . 2013-02-02 03:27 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2013-03-29 00:02 . 2013-02-02 03:26 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 00:02 . 2013-02-02 03:28 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-03-29 00:02 . 2013-02-02 03:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 00:02 . 2013-02-02 03:30 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-03-29 00:01 . 2013-02-02 04:19 757296 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-03-29 00:01 . 2013-02-02 03:38 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-03-29 00:01 . 2013-02-02 03:32 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-03-29 00:01 . 2013-02-02 03:31 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-03-29 00:01 . 2013-02-02 03:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-28 23:57 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll 2013-03-28 23:57 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll 2013-03-28 23:57 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll 2013-03-28 23:57 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2013-03-28 23:57 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2013-03-28 23:57 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll 2013-03-28 23:57 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll 2013-03-28 23:57 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2013-03-28 23:57 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-03-28 23:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll 2013-03-28 23:57 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-28 23:57 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-03-28 23:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-28 23:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll 2013-03-28 23:54 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll 2013-03-28 23:48 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-03-28 23:01 . 2013-03-28 23:01 -------- d-----w- c:\windows\CheckSur . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-04 18:50 . 2012-08-17 14:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-12 05:10 . 2011-11-28 17:20 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-27 19:01 . 2013-02-27 19:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-27 19:01 . 2011-10-18 18:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-12 04:48 . 2013-03-28 23:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-28 23:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59"="c:\users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920] "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384] "HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] "WTClient"="WTClient.exe" [2007-04-11 40960] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "File Sanitizer"=c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x] R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x] R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.EXE [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [x] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x] S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 52955863 *NewlyCreated* - 58784178 *Deregistered* - 52955863 *Deregistered* - 58784178 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Contents of the 'Scheduled Tasks' folder . 2013-04-12 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2012-09-04 19:58] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24] . 2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23] . 2013-04-12 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-23 23:19] . 2013-03-15 c:\windows\Tasks\HPCeeScheduleForHOME-HP$.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . ------- Supplementary Scan ------- . uStart Page = https://startpage.com/ TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-58784178.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(528) c:\windows\system32\DPFPApi.DLL . Completion time: 2013-04-12 10:26:32 ComboFix-quarantined-files.txt 2013-04-12 14:26 . Pre-Run: 183,145,390,080 bytes free Post-Run: 182,886,490,112 bytes free . - - End Of File - - F6CAAF8519C1788963C45EF288DDAC62
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.