[RESOLVED] I have some strange things that started a few days ago


43 replies to this topic

#21 Broni

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 35,323 posts
  • 2,071 topics
    • Time Online: 210d 9h 34m 51s
  • Joined October 04, 2004
  • Age: 60
  • Skin: Smartest wide
  • Local time: 07:21 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Online

Posted 17 January 2013 - 02:33 AM

We'll try to see what's going on with IE.



#22 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

lovegolf

    Member

  • Topic Starter
  • Members
  • 102 posts
  • 6 topics
    • Time Online: 22h 7m 6s
  • Joined January 14, 2013
  • Local time: 08:21 PM
  • Zodiac:Aquarius
  • OS:Windows XP
  • Country:
Offline

Posted 17 January 2013 - 02:35 AM

We can try again tomorrow. I have to get some sleep. I will check back then. Thanks so much.

#23 Broni Re: [RESOLVED] I have some strange things that started a few days ago


Posted 17 January 2013 - 02:36 AM

No problem.
You still owe me AdwCleaner and OTL logs.



#24 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago


Posted 17 January 2013 - 09:11 PM

OTL logfile created on: 1/17/2013 3:02:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MIKE\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 72.16% Memory free
17.98 Gb Paging File | 15.04 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1325.83 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.41 Gb Free Space | 12.19% Space Free | Partition Type: NTFS

Computer Name: MIKE-HP | User Name: MIKE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 15:00:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
PRC - [2013/01/09 09:03:22 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/07 00:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 03:33:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:27:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:27:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:27:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 03:27:13 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 03:27:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:27:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:26:58 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 03:26:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 03:26:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:26:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:26:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:26:42 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/07 18:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/07 18:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/07 18:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/07 18:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/07 18:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/07 18:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/23 18:05:37 | 000,101,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/03 13:43:14 | 001,703,936 | ---- | M] () -- C:\Users\MIKE\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 13:34:18 | 003,764,224 | ---- | M] () -- C:\Users\MIKE\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 09:03:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:33:24 | 000,148,480 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/12/18 09:33:20 | 000,376,320 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/03/07 00:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/18 09:33:44 | 000,088,600 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/27 11:01:43 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 02:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/18 21:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/11 17:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/09/11 17:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/12 06:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/01/16 09:32:28 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130117.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 09:32:28 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130117.003\eng64.sys -- (NAVENG)
DRV - [2012/11/29 11:56:52 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/10/23 17:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 18:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130116.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 06:39:41 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 06:39:41 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/03 00:03:46 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/23 17:12:14] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D9FC8BE8-4913-48D4-B798-8BC0131459A6}
IE:64bit: - HKLM\..\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{D9FC8BE8-4913-48D4-B798-8BC0131459A6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {D9FC8BE8-4913-48D4-B798-8BC0131459A6}
IE - HKLM\..\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{D9FC8BE8-4913-48D4-B798-8BC0131459A6}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1299830068-593041954-1282060008-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2012/03/29 02:20:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/27 12:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013/01/16 20:19:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/27 12:47:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\uc@uc.com: C:\Program Files (x86)\Unfriend Checker\FF\ [2013/01/12 14:48:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Unfriend Checker = C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiponhbbifajapmbggbgaepiedinifm\1.1_0\
CHR - Extension: YouTube = C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 19:43:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Publishers Clearing House Prize Bar) - {0FB24E1F-D247-4F4E-8DDD-9E18EA10829F} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\..\Toolbar\WebBrowser: (Publishers Clearing House Prize Bar) - {0FB24E1F-D247-4F4E-8DDD-9E18EA10829F} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1003..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1299830068-593041954-1282060008-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2203D0DB-E184-4638-893B-434CEB9A2BF2}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E54DF5EC-37BB-479A-A671-C71F3971B525}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 15:00:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
[2013/01/16 19:56:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 19:55:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/16 19:55:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/16 19:52:39 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\MIKE\Desktop\JRT.exe
[2013/01/16 19:38:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 19:38:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 19:38:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 19:38:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 19:38:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/16 19:38:02 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\MIKE\Desktop\ComboFix.exe
[2013/01/16 19:04:50 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\mbar-1.01.0.1016
[2013/01/16 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\RK_Quarantine
[2013/01/16 14:23:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/16 13:41:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MIKE\Desktop\aswMBR.exe
[2013/01/16 13:24:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\MIKE\Desktop\dds.com
[2013/01/16 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/16 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/16 13:13:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/16 12:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/16 12:50:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/16 12:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/16 12:37:28 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\LogMeIn
[2013/01/16 12:37:23 | 000,035,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/01/16 12:37:22 | 000,088,600 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/01/16 12:37:22 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2013/01/16 12:37:20 | 000,084,472 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/01/16 12:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/01/16 12:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2013/01/16 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\Apps
[2013/01/16 12:35:54 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\Deployment
[2013/01/12 14:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/12 14:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/12 14:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unfriend Checker
[2013/01/08 11:51:33 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013/01/17 15:00:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
[2013/01/17 14:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 14:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 08:29:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 20:26:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 20:26:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 20:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/16 20:18:56 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 20:02:18 | 000,221,805 | ---- | M] () -- C:\Users\MIKE\Desktop\error internet explorer.png
[2013/01/16 19:52:39 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\MIKE\Desktop\JRT.exe
[2013/01/16 19:52:17 | 000,554,087 | ---- | M] () -- C:\Users\MIKE\Desktop\adwcleaner.exe
[2013/01/16 19:43:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/16 19:38:02 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\MIKE\Desktop\ComboFix.exe
[2013/01/16 19:04:23 | 013,462,931 | ---- | M] () -- C:\Users\MIKE\Desktop\mbar-1.01.0.1016.zip
[2013/01/16 19:00:13 | 000,764,416 | ---- | M] () -- C:\Users\MIKE\Desktop\RogueKiller.exe
[2013/01/16 13:41:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MIKE\Desktop\aswMBR.exe
[2013/01/16 13:24:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\MIKE\Desktop\dds.com
[2013/01/16 12:50:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 12:37:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/14 10:57:08 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMIKE.job
[2013/01/12 14:58:24 | 000,002,281 | ---- | M] () -- C:\Users\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/12 14:48:43 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/12 14:47:58 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/01/10 03:27:43 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 03:27:43 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 03:27:43 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 03:23:05 | 000,428,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/31 10:00:25 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2013/01/16 20:02:18 | 000,221,805 | ---- | C] () -- C:\Users\MIKE\Desktop\error internet explorer.png
[2013/01/16 19:52:17 | 000,554,087 | ---- | C] () -- C:\Users\MIKE\Desktop\adwcleaner.exe
[2013/01/16 19:38:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 19:38:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 19:38:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 19:38:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 19:38:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 19:04:16 | 013,462,931 | ---- | C] () -- C:\Users\MIKE\Desktop\mbar-1.01.0.1016.zip
[2013/01/16 19:00:13 | 000,764,416 | ---- | C] () -- C:\Users\MIKE\Desktop\RogueKiller.exe
[2013/01/16 12:50:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 12:37:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/01/16 12:37:06 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2013/01/12 14:48:43 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/12 14:47:58 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/03/27 12:45:25 | 000,228,983 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012/03/27 12:45:25 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2012/03/27 11:42:45 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/27 11:00:47 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\PictureMover
[2012/05/12 07:56:10 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\SoftGrid Client
[2012/03/27 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\TP

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 1/17/2013 3:02:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MIKE\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 72.16% Memory free
17.98 Gb Paging File | 15.04 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1325.83 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.41 Gb Free Space | 12.19% Space Free | Partition Type: NTFS

Computer Name: MIKE-HP | User Name: MIKE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A763FFA-9220-479D-BAFE-181FBD2396B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0B7BEC60-73AB-470B-AFE0-C4C3CCB51801}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EFBEDED-C309-46C7-9B46-15642418F435}" = lport=137 | protocol=17 | dir=in | app=system |
"{1DCAE332-F04D-41DB-AA05-0A1EF29E62E4}" = lport=3389 | protocol=6 | dir=in | app=system |
"{2C993868-DA76-4C4E-82D3-B5EB7F3BD1DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F250973-B724-4D02-9C03-380196EF3FCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40E09255-CF96-4701-A8BB-11215A4D835C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43F9CC0D-7550-4EED-A815-1211E345F6A5}" = lport=139 | protocol=6 | dir=in | app=system |
"{49ADE9F6-0BE9-4920-8119-A318D2B7AED7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{58BEE43C-1D82-45FA-A6DE-A99D949BF2DD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{6476EE84-BC79-4CA5-BC0E-0FCA04A60D71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D6D4F73-9AA2-422C-8A19-01EFE118D9DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75D35DDE-0DDB-48DB-81B1-7526BC4BD4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DC7E187-5DE6-4E92-BB64-BFB2EF5AB237}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{942B91EB-D2D5-42CF-B87C-2C4BA5CBBD2F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95C154E8-974A-4379-8B8E-6E601F090D27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{96A66CBF-CFBE-4EE2-AA30-A270089E359E}" = lport=138 | protocol=17 | dir=in | app=system |
"{A2DA4F90-75D0-4038-89D6-5FAB0FBB2760}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD87C02B-3DE5-4FF4-8181-48D3B3113209}" = rport=139 | protocol=6 | dir=out | app=system |
"{B23682FA-3CDA-4211-AC9D-FB34F951AB89}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7EE5FD6-9CA8-45AE-8868-32B86F4E8CAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C157CDD2-26EE-4E3D-A8D7-EA17695964C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1043B89-2CDE-4FBF-98D4-145EBDEF3CDC}" = lport=445 | protocol=6 | dir=in | app=system |
"{F34CBA3B-729F-4159-859D-E46356ACB8B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{F857B261-74DE-4944-8531-1D6CBABAE7CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F871FAA8-484E-4554-AD29-E5956628F1A3}" = rport=445 | protocol=6 | dir=out | app=system |
"{FB04FFDD-124E-482E-B0E0-94E28F3EE27D}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0531BD9A-9328-4A4B-B504-49116095F641}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{129FFEA6-1AE2-431D-84AD-35D79CE7E9F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{15E407D8-9B2F-4D76-9120-3870A91369DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{21740310-6731-499E-8EEC-9C0809AEFA1A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{303255E1-3BDE-4217-87D2-8ED23357C64C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{30D8CC71-8605-4823-8F95-5168ED89297E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{374BDADB-9225-48FF-A008-FB998EBD61FE}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{3F51F746-5847-4720-B898-EFAC63DD3D8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{3F98D53A-A2BC-4CB4-863B-4EEE590BA23F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40FDB6BD-7DC1-4A55-A5C8-5AB2520DC75A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{410F3DA5-EDA4-4C1C-9C2A-4DBC39B0E6F9}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{53508FFC-11C0-40C7-A6A6-610308B7DFF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{53D4429B-CD15-4C7C-817C-16C6D79F3A12}" = protocol=6 | dir=in | app=c:\program files (x86)\publishers clearing house prize bar\troubleshooter.exe |
"{5BC3AED3-A37C-49F1-BC71-1EEA6BCFD5D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{66962DC5-8D23-4617-819C-249EFA461033}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{67203393-921A-4E91-8716-97D385630AEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6798F9AE-6D17-41C6-87F3-4E0BACD96BC7}" = protocol=17 | dir=in | app=c:\program files (x86)\publishers clearing house prize bar\troubleshooter.exe |
"{736AB963-5AE4-4D1A-8D7E-518AE0A6C697}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{7A942A7D-352E-467B-8174-9FC61F8AB6B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B3C802A-F40F-4F04-9BC6-726A18369406}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E574E8B-B54D-4D12-95FF-5A1400649297}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8372BAE7-685D-4953-BBC2-B385E9F6FCD5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{843E97C1-FB0F-496B-8B83-C8357F5815F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84BE0906-08B7-4F0F-97AC-4F32D43F7BE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{89546A1E-B633-4E7F-9C57-8B9975D84023}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{92AD99BD-EE40-412B-B1D0-FF64DB67ED11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{965A8EF8-82A3-4F1F-9514-8EC7ECC581A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{9696933D-733B-4901-9216-759FADD000AF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C68FCC0-0327-4B35-8A3E-E448B804361A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9CA1A90C-87BD-4EB4-854A-DD432292CDAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A2083EF7-4E73-45AD-A54E-60CB371AF27B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2819C6E-1630-4B4F-AC81-CE57CB05F38F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A43D5C00-55BF-4256-BD4A-33439EE6B62D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A56C4767-18C0-4040-A31D-CEC67E90BDD9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{A5B590AB-B812-4800-9D84-50313EEB5B15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8D67428-D0CA-410C-A7A5-69BA44D46F52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACD58F91-892F-4D26-96C1-A3B676540F4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AEBA0D2C-93A8-4E8E-A852-8B728A7B7653}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B5B3B890-8E13-46DF-B377-E14A62B2E8DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5E133C5-F92E-4DC8-BACD-6777532D4D59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC13B011-9469-4253-A5C2-97E6D2DD42D2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{BFA3B303-8F6C-414A-9BCD-8AC96B4421E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{C03E944E-D228-4C72-B566-ACFF432AF4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{C99278B1-F46D-494B-88E2-3E1B5A96254F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{CA5FB131-F887-4972-87C9-25AABD202966}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{CE0DFA6B-2FA4-4795-8EEB-1F2F20126820}" = dir=in | app=c:\users\mike\appdata\local\temp\7zs2f1e\oj6500ve709_full_14\setup\hpznui40.exe |
"{D3EEDDB3-16B7-4ED0-BE24-859C3F2FDF89}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{D6A2BC6B-804E-46CB-98B8-982B44FA8056}" = protocol=6 | dir=out | app=system |
"{DD21234E-E096-43A2-8C4A-AAB6D214CC36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF51A864-21DB-4B69-A764-035B94033572}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFA4EB67-8FB6-46C4-A1CB-D0879F378ABA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0561877-33BF-4FEE-93EA-B9F39A9E9A71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{E4C61EE1-167D-41E5-B2C1-76682C86328F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E8DABAD6-840E-417C-B337-F2618C304E53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F3B4CEDE-7BA4-4726-97E6-9BC9D2EAA647}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA11CD28-A843-4666-A456-FDB8E7C6165D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FE2D877D-6FE4-48A1-8A6C-B392AC8CFBA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5071E947-0232-4B91-B926-CD77E7DD569C}" = BobCAD-CAM V21
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}" = LogMeIn
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OneTab" = OneTab
"Publishers Clearing House Prize Bar" = Publishers Clearing House Prize Bar
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"uc@uc.com" = Unfriend Checker
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1299830068-593041954-1282060008-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"HuluDesktop" = Hulu Desktop

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1299830068-593041954-1282060008-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 1/16/2013 10:05:43 PM | Computer Name = MIKE-HP | Source = DCOM | ID = 10010
Description =


< End of report >

#25 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 17 January 2013 - 09:18 PM

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 15:15:11
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : MIKE - MIKE-HP
# Boot Mode : Normal
# Running from : C:\Users\MIKE\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\MIKE\AppData\Local\Temp\boost_interprocess
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000100779
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2619 octets] - [17/01/2013 15:15:11]
########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########

#26 Broni Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 12:00 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
    O4 - HKU\S-1-5-21-1299830068-593041954-1282060008-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassoci...T-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.


#27 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 12:35 AM

When I try and copy and paste the files you want to run fix for in OTL they do not look like what you showed. They seem to be all on the same line.

#28 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 12:40 AM

Farbar Service Scanner Version: 16-01-2013
Ran by MIKE (administrator) on 17-01-2013 at 18:39:40
Running from "C:\Users\MIKE\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#29 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 12:44 AM

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 11
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#30 Broni Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 12:50 AM

"When I try and copy and paste the files you want to run fix for in OTL they do not look like what you showed"

Do you copy them from your email notification or straight from this topic?

Just in case I'm attaching OTL fix as a text file.


#31 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 01:42 AM

C:\Users\MIKE\Downloads\CCleaner_Setup.exe a variant of Win32/Adware.iBryte.D application

#32 Broni Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 01:44 AM

I still need OTL fix result.
Please read my previous reply.


#33 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago

Posted 18 January 2013 - 01:50 AM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA1C3A9A-5D23-423D-99E2-074DD326C232}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA1C3A9A-5D23-423D-99E2-074DD326C232}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA1C3A9A-5D23-423D-99E2-074DD326C232}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1299830068-593041954-1282060008-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1299830068-593041954-1282060008-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: MIKE
->Temp folder emptied: 1504393 bytes
->Temporary Internet Files folder emptied: 93069318 bytes
->Java cache emptied: 15806 bytes
->Google Chrome cache emptied: 9045725 bytes
->Flash cache emptied: 1095 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41279 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 37346 bytes

Total Files Cleaned = 133.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: MIKE
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: MIKE
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_194428
Files\Folders moved on Reboot...
C:\Users\MIKE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P27IFTE2\50195490978b0466037aef5af0681265[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P27IFTE2\PIE[1].htc moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K9VNNB43\eec4b47b89ed52d7957c383ca9382bfc[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHLODZQO\7407185e[2].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4X8ND0RV\62[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4X8ND0RV\7848fda042ab754f96dbb54e9453ff6a[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4X8ND0RV\fastbutton[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4X8ND0RV\screen317_spywareinfoforum_org[1].htm moved successfully.
C:\Users\MIKE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

#34 Broni Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 01:51 AM

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

============================

Still same issue with IE?



#35 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 01:57 AM

No problems yet. You see anything that might have caused it? I know last night after we reset IE I still got the error and the computer locked.

#36 Broni Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 01:59 AM

We did some more cleaning, so it'd be hard to pinpoint the exact culprit, but I'm glad to see all is good now.

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla....US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...nning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingc...er-safe-online/

14. Please let me know how your computer is doing.



#37 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 02:05 AM

Can you give me the text file like you did for the other one I ran? I am getting the same text all on one line again.

#38 Broni Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 02:07 AM

Sure...

Attached Files




#39 lovegolf Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 02:08 AM

It's no big deal though, I can copy one line at a time. I appreciate your help and let's hope this error does not come back. THANKS

#40 Broni Re: [RESOLVED] I have some strange things that started a few days ago


Posted 18 January 2013 - 02:09 AM

I attached it into my previous reply.
