Jump to content


Photo
- - - - -

Possible infection: browser redirects, etc.


  • This topic is locked This topic is locked
35 replies to this topic

#21 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 13 April 2013 - 08:40 AM

Ok, I ran that, then put it to sleep and it's still doing it.

#22 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 April 2013 - 08:55 AM

Run ComboFix again:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#23 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 13 April 2013 - 09:37 AM

Ok, here is Combofix.txt for your review. I have to go be the snacktable lady for tiny football players for a few hours but I'll check back in as soon as I get home. Thanks again for all your help!


ComboFix 13-04-12.02 - Home 04/13/2013 10:20:51.6.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1651.849 [GMT -4:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 )))))))))))))))))))))))))))))))
.
.
2013-04-13 14:30 . 2013-04-13 14:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-13 14:30 . 2013-04-13 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-13 13:29 . 2013-04-13 13:29 -------- d-----w- c:\program files\CCleaner
2013-04-12 17:38 . 2013-04-12 17:38 -------- d-----w- c:\program files\Cookienator
2013-04-12 17:32 . 2013-04-12 17:32 -------- d-----w- c:\programdata\Licenses
2013-04-12 17:32 . 2009-03-24 16:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-04-12 17:32 . 2013-04-12 17:34 -------- d-----w- c:\program files\SpywareBlaster
2013-04-12 17:31 . 2013-04-12 17:31 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8EBF5E4-42BD-41C8-9BA8-F79A7D86B949}\offreg.dll
2013-04-12 17:06 . 2012-10-23 11:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-12 17:06 . 2012-10-23 11:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D7CEC09-96BF-4FC9-ABA8-B907FC3F2F43}\gapaengine.dll
2013-04-12 17:05 . 2013-03-19 09:50 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8EBF5E4-42BD-41C8-9BA8-F79A7D86B949}\mpengine.dll
2013-04-12 16:57 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-12 16:57 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-12 16:57 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 16:57 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 16:57 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-12 16:57 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 16:57 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-12 16:57 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-12 16:57 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-12 16:57 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-12 16:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-04-12 16:55 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-12 16:25 . 2013-04-12 16:25 -------- d-----w- c:\program files\Common Files\Java
2013-04-12 16:24 . 2013-04-12 16:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-12 15:14 . 2013-04-12 15:14 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-12 08:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE9799AC-6E77-4E1D-A37B-11EEA321F4F9}\mpengine.dll
2013-04-11 19:13 . 2013-04-11 19:13 -------- d-----w- c:\program files\FileASSASSIN
2013-04-05 11:36 . 2013-04-05 11:36 0 ----a-w- c:\windows\system32\sho74B3.tmp
2013-04-04 14:15 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-04 14:15 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-04 14:15 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-04-04 14:15 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-31 22:32 . 2013-03-31 22:32 70824 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-03-31 22:32 . 2013-03-31 22:32 34984 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2013-03-29 01:03 . 2013-04-12 17:02 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-29 00:48 . 2013-03-29 00:48 0 ----a-w- c:\windows\ativpsrm.bin
2013-03-29 00:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-29 00:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-29 00:05 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-29 00:05 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-29 00:05 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-29 00:05 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-29 00:05 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-29 00:05 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-29 00:05 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-29 00:05 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-29 00:05 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-29 00:05 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-28 23:57 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-03-28 23:57 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-03-28 23:57 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-03-28 23:57 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-03-28 23:57 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-03-28 23:57 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-03-28 23:57 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-03-28 23:57 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-03-28 23:57 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-03-28 23:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2013-03-28 23:57 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 23:57 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 23:55 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-03-28 23:55 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-03-28 23:55 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-03-28 23:55 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-03-28 23:55 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-03-28 23:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-03-28 23:55 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-03-28 23:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-03-28 23:55 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-03-28 23:55 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-28 23:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2013-03-28 23:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-03-28 23:54 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-28 23:48 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 23:01 . 2013-03-28 23:01 -------- d-----w- c:\windows\CheckSur
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 16:23 . 2012-07-19 20:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-12 16:23 . 2011-10-07 12:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 18:50 . 2012-08-17 14:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-12 05:10 . 2011-11-28 17:20 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-27 19:01 . 2013-02-27 19:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 19:01 . 2011-10-18 18:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-28 23:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 23:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59 . 2013-01-20 19:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59"="c:\users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
"Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"File Sanitizer"=c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [x]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-09-04 19:58]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 13:24]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 20:23]
.
2013-04-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-23 23:19]
.
2013-03-15 c:\windows\Tasks\HPCeeScheduleForHOME-HP$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Supplementary Scan -------
.
uStart Page = https://startpage.com/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(5972)
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Completion time: 2013-04-13 10:33:58
ComboFix-quarantined-files.txt 2013-04-13 14:33
.
Pre-Run: 191,681,298,432 bytes free
Post-Run: 191,402,717,184 bytes free
.
- - End Of File - - F4F5C25F13C3598798F6DEBA47E25BAC

#24 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 April 2013 - 09:56 AM

That looks OK, any difference since running it??

What programs did you install before the problem started??

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#25 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 13 April 2013 - 03:01 PM

No, it's still doing it. It started the first time it went to sleep yesterday, which was about 3 hours after the last time I posted. I ran the programs you directed me to, updated Windows and then installed Cookienator and SpywareBlaster.

#26 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 April 2013 - 06:57 PM

Uninstall these for now and see if there's any difference:
Cookienator and SpywareBlaster.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#27 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 14 April 2013 - 12:59 PM

Good afternoon! I've done that and am still having the problem.

#28 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 April 2013 - 06:27 PM

Is there a system restore point that's available before the problem started?

-----------------------------------------------


Please download MiniToolBox, save it to your desktop and run it.
Close all browsers!

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#29 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 14 April 2013 - 07:22 PM

I have the restore point that Combofix created before it ran Friday at 12:30. That's the earliest one. Following is the MiniToolBox result:


MiniToolBox by Farbar Version:05-03-2013
Ran by Home (administrator) on 14-04-2013 at 20:18:08
Running from "C:\Users\Home\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2013 04:52:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORDC.EXE, version: 14.0.6129.5000, time stamp: 0x5082ffdf
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000c0
Faulting process id: 0x1004
Faulting application start time: 0xWINWORDC.EXE0
Faulting application path: WINWORDC.EXE1
Faulting module path: WINWORDC.EXE2
Report Id: WINWORDC.EXE3

Error: (04/14/2013 08:56:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller) (User: Home-HP)
Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation.

Error: (04/13/2013 10:04:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/12/2013 00:32:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/11/2013 03:04:24 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c58

Start Time: 01ce36e732b13bba

Termination Time: 17

Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 9a3c6046-a2da-11e2-8f95-ae79233c1299

Error: (04/10/2013 07:09:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/09/2013 07:52:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/09/2013 07:13:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/08/2013 08:03:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (04/14/2013 08:11:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2013 08:10:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (04/14/2013 08:09:37 PM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (04/14/2013 08:09:33 PM) (Source: BugCheck) (User: )
Description: 0x0000007a (0xc0448998, 0xc000009d, 0x56336be0, 0x89133000)C:\Windows\Minidump\041413-16848-01.dmp041413-16848-01

Error: (04/14/2013 08:09:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected.

Error: (04/14/2013 01:57:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/14/2013 01:56:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (04/14/2013 01:55:47 PM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service depends on the AMD Reservation Manager service which failed to start because of the following error:
%%1058

Error: (04/14/2013 01:55:41 PM) (Source: BugCheck) (User: )
Description: 0x0000007a (0xc04186c0, 0xc000009d, 0x5233c860, 0x830d841e)C:\Windows\Minidump\041413-14976-01.dmp041413-14976-01

Error: (04/14/2013 01:55:40 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (04/14/2013 04:52:06 PM) (Source: Application Error)(User: )
Description: WINWORDC.EXE14.0.6129.50005082ffdfunknown0.0.0.000000000c0000005000000c0100401ce3951c084f09eQ:\140066.enu\Office14\WINWORDC.EXEunknown2a692926-a545-11e2-915a-cc710b93c79a

Error: (04/14/2013 08:56:02 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/14/2013 08:36:31 AM) (Source: MsiInstaller)(User: Home-HP)
Description: Product: PressReader -- Error 2753.The File 'pressreader.exe' is not marked for installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/13/2013 10:04:33 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/12/2013 00:32:12 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/11/2013 03:04:24 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1c5801ce36e732b13bba17C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe9a3c6046-a2da-11e2-8f95-ae79233c1299

Error: (04/10/2013 07:09:28 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/09/2013 07:52:15 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/09/2013 07:13:46 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/08/2013 08:03:07 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#30 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 April 2013 - 07:31 PM

See if you can stop this service and then see how it is:
SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys

http://www.sevenforu...rt-disable.html

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#31 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 14 April 2013 - 07:44 PM

I can't find that service. I followed the direction to find it in services and also followed the path you listed above to look directly in the drivers file to be sure but I can't find it. I'm attaching a screen shot of where I'm looking so you can confirm I've gone to the right place.

Attached Files



#32 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 April 2013 - 07:53 PM

OK, run this scan and post the logs (I'll get back to you in the AM)


Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassoci...T-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#33 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 14 April 2013 - 07:54 PM

Will do. Thanks so much & have a great evening!

#34 amccoy37

amccoy37

    New Member

  • Members
  • Pip
  • 20 posts

Posted 14 April 2013 - 08:15 PM

OTL.txt:


OTL logfile created on: 4/14/2013 8:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free
3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HOME-HP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/11 13:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/08 19:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 19:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/30 21:56:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/03/30 21:52:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/03/28 20:54:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/03/28 20:53:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/03/28 20:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/03/28 20:53:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/03/28 20:52:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/03/28 20:52:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/03/28 20:52:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/03/28 20:51:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/03/28 20:50:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/03/28 20:50:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/03/28 20:50:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/03/28 20:50:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/11/10 18:39:38 | 000,096,256 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/10 18:38:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/12 19:59:12 | 000,098,304 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/02 17:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 20:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/29 06:10:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/10 18:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/17 08:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/22 17:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/01/12 12:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/12/11 20:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/12/07 14:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/17 07:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\drivers\WTSrv.exe -- (WinTabService)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Home\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/31 18:32:04 | 000,070,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2013/03/31 18:32:04 | 000,034,984 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/16 19:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010/11/11 02:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 02:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/11/11 02:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/11/11 02:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/04/29 06:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/02/18 12:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/10/21 16:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/07/31 07:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 11:28:56 | 000,017,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tablet2k.sys -- (Tablet2k)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{962C963C-B71E-49E0-8680-9EA440A6D1F2}: "URL" = http://websearch.ask...BB-3256A088FA25
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/11 10:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/14 20:09:09 | 000,000,000 | ---D | M]

[2012/05/21 18:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2012/01/11 21:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

========== Chrome ==========

CHR - default_search_provider: Startpage HTTPS (Enabled)
CHR - default_search_provider: search_url = https://startpage.co...anguage=english
CHR - default_search_provider: suggest_url =
CHR - homepage: https://startpage.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

O1 HOSTS File: ([2013/04/12 10:23:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D095447F-D777-402B-ADAA-CFC0048F4851}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 20:56:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/04/14 20:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/04/14 20:16:49 | 000,760,335 | ---- | C] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe
[2013/04/13 10:32:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/13 10:18:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/13 10:18:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/13 10:18:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/13 10:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/13 10:15:05 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/04/13 09:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/13 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/12 13:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/12 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/12 08:18:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar-1.01.0.1022
[2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/04/11 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2013/04/11 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\mbar-1.01.0.1022
[2013/04/04 11:57:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\WalgreensPics
[2013/03/28 21:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/28 19:01:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/03/27 20:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/22 17:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/22 10:58:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Youtubemusic
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/14 21:00:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job
[2013/04/14 20:59:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/04/14 20:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/04/14 20:41:32 | 000,256,290 | ---- | M] () -- C:\Users\Home\Desktop\services.png
[2013/04/14 20:40:18 | 000,320,356 | ---- | M] () -- C:\Users\Home\Desktop\Untitled.png
[2013/04/14 20:20:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 20:17:48 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 20:16:51 | 000,760,335 | ---- | M] (Farbar) -- C:\Users\Home\Desktop\MiniToolBox.exe
[2013/04/14 20:13:54 | 000,664,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/14 20:13:54 | 000,123,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/14 20:09:54 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 20:09:53 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/04/14 20:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 20:09:23 | 1298,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 15:48:33 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHOME-HP$.job
[2013/04/13 10:15:26 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/04/13 09:29:07 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/12 13:15:06 | 000,306,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/12 13:06:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/12 12:00:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job
[2013/04/12 11:14:41 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/12 10:23:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/12 08:18:25 | 012,894,739 | ---- | M] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip
[2013/04/11 17:01:39 | 000,002,366 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2013/04/11 15:13:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/04/11 15:02:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 13:10:15 | 000,017,934 | ---- | M] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt
[2013/04/04 23:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/02 13:19:50 | 000,297,653 | ---- | M] () -- C:\Users\Home\Desktop\0402131225.jpg
[2013/04/02 13:18:11 | 000,442,186 | ---- | M] () -- C:\Users\Home\Desktop\0402131231.jpg
[2013/04/02 13:17:00 | 000,350,159 | ---- | M] () -- C:\Users\Home\Desktop\0402131227.jpg
[2013/03/28 20:48:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/03/28 19:15:10 | 000,001,142 | ---- | M] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk
[2013/03/28 18:55:30 | 150,290,076 | ---- | M] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu
[2013/03/26 21:10:06 | 000,002,819 | ---- | M] () -- C:\Users\Home\Desktop\The history teacher.rtf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/14 20:41:32 | 000,256,290 | ---- | C] () -- C:\Users\Home\Desktop\services.png
[2013/04/14 20:40:18 | 000,320,356 | ---- | C] () -- C:\Users\Home\Desktop\Untitled.png
[2013/04/13 10:18:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/13 10:18:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/13 10:18:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/13 10:18:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/13 10:18:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/13 09:29:07 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/12 13:02:51 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/12 11:14:24 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/12 08:17:53 | 012,894,739 | ---- | C] () -- C:\Users\Home\Desktop\mbar-1.01.0.1022.zip
[2013/04/11 15:13:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/04/08 13:10:13 | 000,017,934 | ---- | C] () -- C:\Users\Home\Desktop\INFT101_Time_Management_Exercise_Amie_McCoy.odt
[2013/04/04 23:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/04 11:26:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/02 13:19:50 | 000,297,653 | ---- | C] () -- C:\Users\Home\Desktop\0402131225.jpg
[2013/04/02 13:18:10 | 000,442,186 | ---- | C] () -- C:\Users\Home\Desktop\0402131231.jpg
[2013/04/02 13:16:55 | 000,350,159 | ---- | C] () -- C:\Users\Home\Desktop\0402131227.jpg
[2013/03/28 20:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/28 20:05:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/28 20:05:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/28 18:53:49 | 150,290,076 | ---- | C] () -- C:\Users\Home\Desktop\Windows6.1-KB947821-v26-x86.msu
[2013/03/27 20:32:24 | 000,001,142 | ---- | C] () -- C:\Users\Home\Desktop\Windows Update Troubleshooting Info.lnk
[2013/03/26 21:10:05 | 000,002,819 | ---- | C] () -- C:\Users\Home\Desktop\The history teacher.rtf
[2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2013/02/02 19:15:06 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\howto
[2013/02/02 19:08:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2012/12/06 09:42:10 | 000,014,161 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/05/28 18:26:32 | 000,019,507 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012/05/27 08:22:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/02/14 19:56:50 | 000,173,109 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/12/15 21:38:40 | 000,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/12 16:12:36 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/09/30 04:52:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/29 07:08:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/09/27 16:41:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/05/11 10:52:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/24 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011/11/08 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Blio
[2011/09/27 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DigitalPersona
[2012/05/29 08:05:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\F-Secure
[2011/10/02 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Flood Light Games
[2013/01/15 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GlarySoft
[2011/11/07 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\iolo
[2011/10/13 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Magic Academy 2
[2013/03/15 13:10:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MusicNet
[2013/02/02 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nikon
[2012/08/24 23:57:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ooVoo Details
[2012/12/17 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2012/01/11 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips
[2012/01/11 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philips-Songbird
[2013/04/12 09:42:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SoftGrid Client
[2012/04/29 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SumatraPDF
[2012/10/03 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TechWizard
[2013/03/06 12:59:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TFP
[2011/11/17 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Thunderbird
[2011/09/27 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TP
[2011/12/23 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Visan
[2012/07/28 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangent
[2011/10/10 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1001
[2011/10/10 05:51:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WildTangentv1002
[2011/10/06 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


Extras.txt:


OTL Extras logfile created on: 4/14/2013 8:58:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.61 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 41.02% Memory free
3.22 Gb Paging File | 1.61 Gb Available in Paging File | 49.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 177.62 Gb Free Space | 80.07% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 1.34 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HOME-HP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F760C23-0A9B-4C09-BB2A-3ED158543D34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{215DCA5E-1152-40BF-82EE-EEEC7ADFA709}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{227897B4-DBEC-48B9-A5B6-2A05F5E0A896}" = lport=2869 | protocol=6 | dir=in | app=system |
"{242AEB9A-F277-41B2-B083-EE584D05F213}" = lport=139 | protocol=6 | dir=in | app=system |
"{25364621-D9C2-4B77-8486-711977A28893}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{323F4D31-9E7F-4AB1-B0E4-9AD90C4878D2}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{34B568CC-AE4B-4A74-BB45-907893688F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{392BF4DE-5BD3-4F2E-8FBF-AC61F3B3ADFB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3BDCA200-7A87-4A80-95D9-1DF5E4626AD5}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{405C98C3-3223-432C-92B7-3C2F8C52E5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{461A73A7-DD3D-4228-8115-C74BD194C4D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E150A51-DEE2-4FCB-BA16-FC499FA0CEFB}" = rport=138 | protocol=17 | dir=out | app=system |
"{54F8C631-9E0A-48D5-A656-6BFA96BF55CB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{56890CE3-824C-40B4-8CD9-F90E50245B7F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{58AFCE0D-F192-433A-B017-3F2CE704D3BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{58EDE509-73F6-4898-85FE-1BEAD330B2C6}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{5A492BF7-D735-4A84-BF1F-141136DAC2A8}" = rport=445 | protocol=6 | dir=out | app=system |
"{630892A4-DFE2-462E-A504-E544038A2D1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6615A7EA-DA90-4CDA-9763-E5F5C09DEC3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74AB533E-FF4E-4A0F-ACD6-8D2EEABA70C2}" = lport=137 | protocol=17 | dir=in | app=system |
"{7628607A-37FE-40FF-9D67-8C228C712C7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5F0866D-D89C-434B-A8DD-348BCAE58326}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8A3346E-D61F-4881-B0AA-4D8E93045E62}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC23D38E-FEAF-47C6-A358-D8C44909EAFD}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{BDF99C38-2A56-42CD-835A-663D7CBECFED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C93DF7C1-51DC-4E9F-89BE-71A7BD8B75D6}" = lport=138 | protocol=17 | dir=in | app=system |
"{C9EE2EBE-297C-4337-9FC5-7B9E9E74F439}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{DA585A4B-0FAC-4634-949D-58E491FDE41A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{ED7D6AC2-B481-48A4-96A3-0AB0F82FBB31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F060C97A-6E63-48C0-AA0B-8F3A20F3A1DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F16D9407-1765-4B80-92CF-312CE895A693}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA0E3876-8735-4C7F-9EDF-E9B8373EBE67}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{155C2EF7-BA64-4301-8D95-2CE2BAF184F6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1F2AC206-56C3-4DF9-82B4-B7E9CAF37C79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F3A4062-DBD7-4A37-A581-D7030BDB502F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{277349AF-5E88-4283-8685-ACCEE0784A54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{2849BAF4-B02A-4A67-BE02-5AEA01B47A5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{2B4CBCA3-2342-4CFA-86AA-7931C0680E75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A464BB0-BF11-4EB5-A72C-87C113EA034A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{43AA96D6-E6DF-40BE-AC1A-7ECD3B2B6355}" = protocol=6 | dir=out | app=system |
"{44AD00E8-5B8A-484C-A65C-5013D492C097}" = dir=in | app=c:\program files\hp\digital imaging\{dbc1de57-b55a-4d57-9769-1db9be506af7}\setup\hpznui01.exe |
"{4916D4CD-C149-4E92-8A25-E01B6B0CA028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{556D602B-0EF4-4D0C-B3F3-7BCBCD98915B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E79FE74-E785-45A0-AF14-6F22401302DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76BB417D-95D0-40CA-9C77-E515AF625FFE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CD0523B-9D18-443D-A558-A4403B671C91}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8F19634E-A07D-46F2-BE1E-562A31567FE9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9AFE7B63-6D07-4ECB-8628-5989527D30F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A06CC4A2-BECF-4DE5-9284-C4BE61A0F2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC9735B0-5F97-4084-8503-36E04D532F50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B2BD4A30-FD2F-48BA-9356-8D18553F0B90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B91AEAA7-ECB6-4FA2-ADCE-DACF14CF0103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{BF68DF48-3744-4474-B43C-270562BA3982}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C3956D0C-6366-4835-BC94-836E48382CF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCC7233B-89B0-4442-88C2-6C67BAFB4D68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D27F6EC2-0D4C-4BF9-910C-9BE47C0624B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E16165C2-D084-41CA-A2A7-AC7D65626759}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E44ADD84-C6EA-4886-8299-51C788C09343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E99EAAED-57CD-491D-A6C6-618FFEFF5AFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ED9D1918-23AA-474A-8E98-19CDB846DCD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6860AE0-AF69-4B5C-BFE7-085FBDA530FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F84719AE-9287-4F69-B34A-B8D06F370E8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"TCP Query User{034D29E4-C089-4101-BC02-5980A26F0188}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{13EC4BAC-7F08-4DDB-90FB-87A6E9FE96A5}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe |
"TCP Query User{A7D124DF-4E08-45BE-B5D9-85766F81D582}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{D5D4231B-0548-437D-AB45-DB04D01144B0}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{13E95C19-AAB1-44B9-AD31-29BC383C56FF}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe |
"UDP Query User{74297CF3-CE34-4525-8A68-0A089C236C01}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{B9725560-9690-4F40-8B71-66C02A8779F3}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{F4A84577-6178-48A6-B5CF-FACDF821306B}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BA6A83-C7A7-4F85-88F1-150142305229}" = HP Setup
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B7ED668-BACF-F980-455F-7CDBA927DC66}" = CCC Help Thai
"{121A4F64-BCA4-B173-6E82-BF2E5D7FC645}" = WMV9/VC-1 Video Playback
"{12E6F67A-923C-D5A4-29F3-0A399501FEF7}" = CCC Help Russian
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{170202F8-6B51-64B8-F625-34A9A85CBD9F}" = Catalyst Control Center Localization All
"{187A2434-7967-B82C-CBC3-80E93F6892DF}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E26835-81B8-318F-5862-6CC664EF0E7B}" = ccc-core-static
"{22B40D6A-4F41-4AA5-934B-41796A9DFCC3}" = HP ProtectTools Security Manager
"{2591AA1D-C126-92C3-8440-353B8B098496}" = CCC Help Greek
"{26641020-BFB8-38FB-6843-6B150B2B67F7}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4C7475-308B-5E13-A251-7BDDF80CB177}" = CCC Help Chinese Standard
"{4DC384B3-E425-EA76-79FC-AB6D98BCFECC}" = CCC Help Polish
"{5104636C-6F7E-D1CC-2A3E-EEDFCA5612DC}" = Catalyst Control Center Graphics Previews Common
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6A563C2A-CADE-3B64-5BC6-6838D6133642}" = Catalyst Control Center Profiles Mobile
"{6B67F63F-D5A0-444B-BD33-17FAB928909C}" = Catalyst Control Center - Branding
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6DFF9444-9007-466A-9783-6E7D6749C97B}" = Verizon Download Manager
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCBD5C3-3D85-6F98-C9DA-4852A58BB58D}" = CCC Help Danish
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9830833E-1E3D-60DC-8C96-826E30833BB9}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B831BBC-F6FE-F529-AC77-2B2FA15F69B4}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8930F7C-9D88-5CE4-3C71-879BC60A150D}" = CCC Help Czech
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AE33E61E-1965-AA52-653B-A17633500A5F}" = CCC Help French
"{AEDA8713-5521-4600-9AC2-81674A9EDC4F}" = Blio
"{B2ADD2FF-956E-2D1A-7B02-0F1697D649FE}" = CCC Help Dutch
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B4A29707-5057-94AC-C1C2-44ADA35CC9A0}" = CCC Help Finnish
"{B50B4461-342A-CB25-B788-D0BCD6A5FD49}" = ccc-utility
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
"{C08EBCB0-1536-4160-95F5-99CF528E7628}" = CCC Help Korean
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6392BA0-B2C5-FB7C-E182-5CE8E3A934ED}" = AMD Fuel
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD89053A-F34D-21E7-42DB-D62B63420DFD}" = CCC Help Swedish
"{CD898250-2079-0CD9-756B-C9D0D3EDCF06}" = CCC Help Norwegian
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D700FC83-6DE5-73BB-8DFF-23829E3A093B}" = CCC Help Spanish
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA776DAB-D3E1-5B46-BF39-A33748BEE903}" = CCC Help Portuguese
"{DB34DFEE-FB6F-3AFF-EC2F-FD7ACC3F4BB6}" = CCC Help English
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F81DDD-3860-DC3D-A4C0-6677FB5F60DD}" = CCC Help German
"{F21B328D-BD52-54AE-8976-313C4BD0B115}" = CCC Help Hungarian
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA77C376-6C00-C500-16CC-7F069F651ED2}" = ATI Catalyst Install Manager
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"FileASSASSIN" = FileASSASSIN
"Glary Utilities_is1" = Glary Utilities 2.53.0.1726
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SumatraPDF" = SumatraPDF
"WildTangent hp Master Uninstall" = HP Games
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087360" = Escape Rosecliff Island
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2027250934-3594322611-3621127875-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2013 12:33:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 3/31/2013 1:45:19 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/1/2013 7:27:16 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/2/2013 12:31:19 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/3/2013 7:12:51 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/4/2013 7:12:39 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/4/2013 11:26:57 AM | Computer Name = Home-HP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
was canceled. You canceled the Security Essentials installation on your computer.
Error code:0x8004FF0A.

Error - 4/5/2013 7:25:21 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/6/2013 12:54:36 PM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/8/2013 8:03:07 AM | Computer Name = Home-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 1/6/2012 11:07:17 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:07:17 AM - Error connecting to the internet. 10:07:17 AM - Unable
to contact server..

Error - 1/6/2012 11:07:53 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:07:46 AM - Error connecting to the internet. 10:07:46 AM - Unable
to contact server..

Error - 3/9/2012 11:01:51 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:01:51 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/9/2012 11:03:12 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:03:12 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:03:12 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/9/2012 11:03:13 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:03:13 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:03:13 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/9/2012 11:03:14 AM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 10:03:14 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/9/2012 12:57:38 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 11:57:38 AM - Error connecting to the internet. 11:57:38 AM - Unable
to contact server..

Error - 3/9/2012 12:58:09 PM | Computer Name = Home-HP | Source = MCUpdate | ID = 0
Description = 11:58:07 AM - Error connecting to the internet. 11:58:07 AM - Unable
to contact server..

[ System Events ]
Error - 4/14/2013 1:55:40 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:44:30 PM on ?4/?14/?2013 was unexpected.

Error - 4/14/2013 1:55:41 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001
Description =

Error - 4/14/2013 1:55:47 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001
Description = The AMD FUEL Service service depends on the AMD Reservation Manager
service which failed to start because of the following error: %%1058

Error - 4/14/2013 1:56:56 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 4/14/2013 1:57:26 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016
Description =

Error - 4/14/2013 8:09:32 PM | Computer Name = Home-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:20:29 PM on ?4/?14/?2013 was unexpected.

Error - 4/14/2013 8:09:33 PM | Computer Name = HOME-HP | Source = BugCheck | ID = 1001
Description =

Error - 4/14/2013 8:09:37 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7001
Description = The AMD FUEL Service service depends on the AMD Reservation Manager
service which failed to start because of the following error: %%1058

Error - 4/14/2013 8:10:44 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 4/14/2013 8:11:13 PM | Computer Name = Home-HP | Source = DCOM | ID = 10016
Description =


< End of report >

#35 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,133 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 April 2013 - 08:01 AM

Sounds like it has something to do with this driver:

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)

Error - 4/14/2013 8:10:44 PM | Computer Name = Home-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE



MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#36 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 21 April 2013 - 08:53 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users