TechSpot

Can't seem to clean rootkit rikvm

Solved
By Brianneedshelp
Mar 2, 2012
  1. I have run poewreraser with no luck this thing just is to sneeke I cant seam to removit it is slowing down my system & stoping som i cons from loading rikvm_C6F09094.sys

    Pleas help Ps wear do i past the saved filles from mbam gmer dds

    .
     
  2. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  3. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    5-step logs

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.02.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brian :: BRIAN-HP-2 [administrator]

    3/2/2012 9:51:40 AM
    mbam-log-2012-03-02 (09-51-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191050
    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 139
    HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.SkinLauncher (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.SkinLauncher.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.SkinLauncherSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.SkinLauncherSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 6
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 22
    C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\gen1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\jsifb (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\wbnotify (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 80
    C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
    C:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\gen1\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    (end)
     
  4. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    5-step logs

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-02 17:40:22
    Windows 6.1.7601 Service Pack 1
    Running: tqt0icso.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f77809
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f77809 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Brian at 11:39:09 on 2012-03-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.3995 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Button Manager\BM.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\StikyNot.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\IPS\IPSBHO.DLL
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BR4459N05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP\Button Manager\BM.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{62D9C838-4FC6-49E4-B99C-D99C27363C2B} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = DPPassFilter scecli
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNow Toolbar Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\
    FF - prefs.js: browser.search.defaulturl - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111104&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Brian\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
    FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-16 1157240]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120301.002\IDSviA64.sys [2012-3-1 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-28 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 CrossLoopService;CrossLoop Service;C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe [2011-12-29 569072]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-28 13336]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe [2012-2-11 138248]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-28 2655768]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-14 138360]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/28 00:32:58;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-28 245232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 tvnserver;TightVNC Server;C:\Users\Brian\AppData\Local\CrossLoop\tvnserver.exe [2011-12-29 814080]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== Created Last 30 ================
    .
    2012-03-02 16:43:28 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
    2012-03-02 15:50:49 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
    2012-03-02 15:50:43 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-02 15:50:43 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-02 15:50:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-01 14:11:18 16200 ----a-w- C:\Windows\stinger.sys
    2012-03-01 14:08:31 -------- d-----w- C:\Program Files (x86)\stinger
    2012-02-29 23:49:31 -------- d-----w- C:\Users\Brian\DoctorWeb
    2012-02-29 18:08:32 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-02-28 02:53:11 -------- d-----w- C:\Users\Brian\AppData\Local\{F1299CD3-C2BF-4935-A631-0B8D93DC21B8}
    2012-02-28 02:52:57 -------- d-----w- C:\Users\Brian\AppData\Local\{93D19997-418B-4D78-A175-9830E611C474}
    2012-02-25 14:34:58 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-02-22 22:45:54 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-02-22 22:35:42 -------- d-----w- C:\Windows\SysWow64\Samsung_USB_Drivers
    2012-02-22 11:25:33 -------- d-----w- C:\Program Files (x86)\Coupons
    2012-02-22 11:25:10 778088 ------w- C:\Windows\System32\HPDiscoPMa011.dll
    2012-02-22 11:23:53 -------- d-----w- C:\Program Files\HP
    2012-02-14 21:45:40 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-14 21:45:40 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-14 21:45:39 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-14 21:45:39 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-14 21:45:38 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-14 21:45:38 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-14 21:45:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-14 21:45:36 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-11 18:45:52 738936 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\srtsp64.sys
    2012-02-11 18:45:52 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1305000.091\symds64.sys
    2012-02-11 18:45:52 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\symnets.sys
    2012-02-11 18:45:52 37496 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\srtspx64.sys
    2012-02-11 18:45:52 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\ironx64.sys
    2012-02-11 18:45:52 167048 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\ccsetx64.sys
    2012-02-11 18:45:52 1092728 ----a-w- C:\Windows\System32\drivers\NAVx64\1305000.091\symefa64.sys
    2012-02-11 18:45:37 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1305000.091
    2012-02-11 18:29:24 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-02-11 18:29:24 -------- d-----w- C:\Program Files\Symantec
    2012-02-11 18:29:24 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-02-11 18:28:43 -------- d-----w- C:\Windows\System32\drivers\NAVx64
    2012-02-11 18:28:42 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2012-02-11 18:28:34 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-02-10 20:30:18 -------- d-----w- C:\Users\Brian\AppData\Local\{8040E164-3793-411C-A922-2CE8518F9570}
    2012-02-06 22:55:24 -------- d-----w- C:\Users\Brian\AppData\Local\CrashDumps
    2012-02-06 22:53:05 -------- d-----w- C:\Users\Brian\AppData\Local\Programs
    2012-02-06 22:29:29 -------- d-----w- C:\Users\Brian\AppData\Local\ArcSoft
    2012-02-06 22:28:04 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
    2012-02-06 22:27:40 212480 ----a-w- C:\Windows\PCDLIB32.DLL
    2012-02-06 22:26:33 -------- d-----w- C:\ProgramData\ArcSoft
    2012-02-06 22:26:03 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
    2012-02-06 22:25:56 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
    2012-02-06 05:15:34 -------- d-----w- C:\Users\Brian\AppData\Local\{F911358A-F41B-451A-8A50-994ED75CE1AB}
    2012-02-06 05:15:24 -------- d-----w- C:\Users\Brian\AppData\Local\{7D7A37FA-ED73-4170-B766-6515425B0EED}
    2012-02-06 05:15:05 -------- d-----w- C:\Users\Brian\AppData\Local\{F07E1BBC-5564-4535-971F-BB1329E62527}
    2012-02-06 05:15:05 -------- d-----w- C:\Users\Brian\AppData\Local\{E4E435E3-34DC-4535-BA76-3D33F2D2AFD5}
    .
    ==================== Find3M ====================
    .
    2012-02-29 18:08:25 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-19 20:28:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-05 22:50:23 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 11:39:39.03 ===============
     
  5. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    5-step logs

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/24/2011 1:03:32 PM
    System Uptime: 3/2/2012 10:43:59 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 159A
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 2001/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 667 GiB total, 366.251 GiB free.
    D: is FIXED (NTFS) - 32 GiB total, 4.367 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP114: 2/27/2012 5:26:55 PM - Removed Fliptoast
    RP115: 2/29/2012 10:18:26 AM - Norton_Power_Eraser_20120229101822222
    RP116: 2/29/2012 12:07:20 PM - Installed Java(TM) 6 Update 31
    RP117: 2/29/2012 5:14:21 PM - HPSF Restore Point
    RP118: 2/29/2012 5:29:16 PM - Norton_Power_Eraser_20120229172913194
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.65
    Adobe AIR
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Apple Application Support
    Apple Software Update
    ArcSoft VideoImpression 2
    ArcSoft WebCam Companion 2
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Contents
    Corel PaintShop Photo Pro X3
    Corel VideoStudio Pro X3
    Coupon Printer for Windows
    CrossLoop 2.81
    Crystal Reports for Visual Studio
    CyberLink DVD Suite
    D3DX10
    DeviceIO
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Dotfuscator Software Services - Community Edition
    DVD Menu Pack for HP MediaSmart Video
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Farm Frenzy
    FATE
    Fences Pro
    Final Drive Nitro
    Google Talk (remove only)
    Google Talk Plugin
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Button Manager
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Deskjet 3050A J611 series Help
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Photo Creations
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    HP Update
    HP Webcam User’s Guide
    HPDiagnosticAlert
    Hulu Desktop
    ICA
    IDT Audio
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    IPM_PSP_Pro
    IPM_VS_Pro
    ISCOM
    Java Auto Updater
    Java(TM) 6 Update 31
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    Microsoft WSE 3.0 Runtime
    Miro
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    Norton AntiVirus
    Pandora
    Penguins!
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PSPPContent
    PSPPRO_DCRAW
    PureHD
    PX Profile Update
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    RoxioNow Player
    Samsung PC Studio 3 USB Driver Installer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Setup
    Share
    Skype™ 4.2
    StartNow Toolbar
    swMSM
    Times Reader
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VIO
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.11
    VSClassic
    VSPro
    WCF RIA Services V1.0 SP1
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/2/2012 9:31:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/2/2012 9:28:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/2/2012 9:28:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/2/2012 9:28:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/2/2012 9:28:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/2/2012 9:28:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/2/2012 9:28:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The RoxioNow Service service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The My Web Search Service service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The CrossLoop Service service terminated unexpectedly. It has done this 1 time(s).
    3/1/2012 8:11:19 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    2/29/2012 6:36:55 PM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
    2/29/2012 1:31:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    2/29/2012 1:30:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    2/29/2012 1:30:42 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    new log do you whant me to clik fix in MBR

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-02 18:31:42
    -----------------------------
    18:31:42.896 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:31:42.896 Number of processors: 8 586 0x2A07
    18:31:42.896 ComputerName: BRIAN-HP-2 UserName: Brian
    18:31:44.550 Initialize success
    18:33:26.487 AVAST engine defs: 12030201
    18:34:19.357 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:34:19.357 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
    18:34:19.357 Disk 0 MBR read successfully
    18:34:19.357 Disk 0 MBR scan
    18:34:19.373 Disk 0 unknown MBR code
    18:34:19.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    18:34:19.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 682688 MB offset 409600
    18:34:19.420 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 32413 MB offset 1398554624
    18:34:19.435 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
    18:34:19.467 Disk 0 scanning C:\Windows\system32\drivers
    18:34:27.766 Service scanning
    18:34:50.027 Modules scanning
    18:34:50.027 Disk 0 trace - called modules:
    18:34:50.043 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    18:34:50.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006928790]
    18:34:50.043 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8006833b10]
    18:34:50.043 5 hpdskflt.sys[fffff88001dad189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006703050]
    18:34:52.211 AVAST engine scan C:\Windows
    18:34:55.783 AVAST engine scan C:\Windows\system32
    18:38:03.109 AVAST engine scan C:\Windows\system32\drivers
    18:38:19.738 AVAST engine scan C:\Users\Brian
    18:42:25.485 AVAST engine scan C:\ProgramData
    18:44:26.916 Scan finished successfully
    18:45:48.832 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
    18:45:48.847 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
    Boot sector MD5 is: 6f122e906468e0c150335495bc2a7148

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  8. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    combofix log

    ComboFix 12-03-02.01 - Brian 03/02/2012 19:22:02.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.3215 [GMT -6:00]
    Running from: c:\users\Brian\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\searchplugins\bing-zugo.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-03 01:27 . 2012-03-03 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-02 16:43 . 2012-03-02 16:43 96376 ----a-w- c:\windows\system32\drivers\SMR250.SYS
    2012-03-02 15:50 . 2012-03-02 15:50 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
    2012-03-02 15:50 . 2012-03-02 15:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-02 15:50 . 2012-03-02 15:50 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 15:50 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 14:11 . 2012-03-01 14:11 16200 ----a-w- c:\windows\stinger.sys
    2012-03-01 14:08 . 2012-03-01 14:17 -------- d-----w- c:\program files (x86)\stinger
    2012-02-29 23:49 . 2012-02-29 23:49 -------- d-----w- c:\users\Brian\DoctorWeb
    2012-02-29 18:08 . 2012-02-29 18:08 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-02-29 18:08 . 2012-02-29 18:08 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-02-25 14:34 . 2012-02-27 23:27 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-02-22 22:45 . 2012-02-22 22:45 -------- d-----w- c:\program files (x86)\Samsung
    2012-02-22 22:35 . 2012-02-22 22:37 -------- d-----w- c:\windows\SysWow64\Samsung_USB_Drivers
    2012-02-22 11:25 . 2012-02-22 11:25 -------- d-----w- c:\program files (x86)\Coupons
    2012-02-22 11:25 . 2011-06-09 00:35 778088 ------w- c:\windows\system32\HPDiscoPMa011.dll
    2012-02-22 11:23 . 2012-02-22 11:23 -------- d-----w- c:\program files\HP
    2012-02-14 21:45 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-14 21:45 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-14 21:45 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-14 21:45 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-14 21:45 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 21:45 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-14 21:45 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-14 21:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-11 18:29 . 2012-02-11 18:47 -------- d-----w- c:\program files\Symantec
    2012-02-11 18:29 . 2012-02-11 18:47 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-02-11 18:29 . 2012-02-11 18:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-02-11 18:28 . 2012-02-11 18:49 -------- d-----w- c:\windows\system32\drivers\NAVx64
    2012-02-11 18:28 . 2012-02-11 18:28 -------- d-----w- c:\program files (x86)\Norton AntiVirus
    2012-02-11 18:28 . 2012-02-11 18:28 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-02-06 22:55 . 2012-02-06 22:55 -------- d-----w- c:\users\Brian\AppData\Local\CrashDumps
    2012-02-06 22:53 . 2012-02-06 22:53 -------- d-----w- c:\users\Brian\AppData\Local\Programs
    2012-02-06 22:44 . 2012-02-09 02:23 -------- d-----w- c:\program files (x86)\ArcSoft
    2012-02-06 22:34 . 2012-02-06 23:12 -------- d-----w- c:\users\Brian\AppData\Roaming\ArcSoft
    2012-02-06 22:29 . 2012-02-06 22:29 -------- d-----w- c:\users\Brian\AppData\Local\ArcSoft
    2012-02-06 22:28 . 2012-02-06 22:28 -------- d-----w- c:\users\Brian\AppData\Roaming\InstallShield
    2012-02-06 22:28 . 2006-11-14 17:31 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
    2012-02-06 22:27 . 1995-08-01 10:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2012-02-06 22:26 . 2012-02-07 22:56 -------- d-----w- c:\programdata\ArcSoft
    2012-02-06 22:26 . 2005-04-27 22:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
    2012-02-06 22:25 . 2006-03-30 22:53 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
    2012-02-06 22:25 . 2012-02-06 22:44 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-29 18:08 . 2010-11-04 19:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-19 20:28 . 2011-10-26 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-05 22:50 . 2012-01-31 22:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-01-30 05:22 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-26 05:42 . 2011-10-25 19:13 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 2676584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
    HP Button Manager.lnk - c:\program files (x86)\HP\Button Manager\BM.exe [2012-2-6 249856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/28 00:32;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CrossLoopService;CrossLoop Service;c:\users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tvnserver;TightVNC Server;c:\users\Brian\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-07 1157240]
    S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120301.002\IDSvia64.sys [2012-02-10 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1305000.091\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-30 2655768]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-15 138360]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    *Deregistered* - CLKMDRV10_C6F09094
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001Core.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 11:03]
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001UA.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 11:03]
    .
    2012-02-29 c:\windows\Tasks\HPCeeScheduleForBrian.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\
    FF - prefs.js: browser.search.defaulturl - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111104&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-02 19:35:01
    ComboFix-quarantined-files.txt 2012-03-03 01:35
    .
    Pre-Run: 399,867,211,776 bytes free
    Post-Run: 399,542,910,976 bytes free
    .
    - - End Of File - - D267CDA9F22D066E608C57F26DC4E19A
     
  10. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    oldtimer scan

    nothing has changed my i cons still no load & on re-boot there is a comand line box that flash then it disepers
     
     
  12. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    otl secondhalfe fille one

    duplicate.....
     
  13. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    duplicate....
     
  14. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    extras

    OTL logfile created on: 3/2/2012 8:32:22 PM - Run 1
    OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Brian\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.17% Memory free
    11.96 Gb Paging File | 9.78 Gb Available in Paging File | 81.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 666.69 Gb Total Space | 372.17 Gb Free Space | 55.82% Space Free | Partition Type: NTFS
    Drive D: | 31.65 Gb Total Space | 4.37 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-HP-2 | User Name: Brian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/02 20:22:48 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exe
    PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe
    PRC - [2011/09/07 09:59:00 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/06/14 13:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/09/30 04:25:20 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/09/30 04:25:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/09/03 19:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/17 19:04:42 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\HP\Button Manager\BM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/15 03:40:39 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4b85a1c3a087ec17faf5dbac91a33cd7\IAStorUtil.ni.dll
    MOD - [2012/02/15 03:30:58 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
    MOD - [2012/02/15 03:30:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/15 03:30:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012/02/15 03:30:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012/02/15 03:30:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
    MOD - [2012/02/15 03:30:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/02/15 03:30:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012/02/15 03:30:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2011/10/25 14:51:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\bbafa019e3f7c09d1a3997264ba0a9ad\IAStorCommon.ni.dll
    MOD - [2011/10/25 14:47:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/06/17 19:04:42 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\HP\Button Manager\BM.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/09/15 13:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV:64bit: - [2010/09/09 16:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/07/22 04:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/02/23 09:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe -- (NAV)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/07 09:59:00 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/09/30 04:25:20 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/09/30 04:25:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/09/21 17:52:04 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
    SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Brian\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
    SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/02/23 09:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/11 12:47:08 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.sys -- (ccSet_NAV)
    DRV:64bit: - [2011/10/28 10:37:56 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/25 12:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/17 01:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/09/09 16:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/09/09 15:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/09/03 19:13:32 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/07/22 04:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/07/20 15:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/07/20 15:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/07/20 15:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/07/14 08:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2010/06/17 19:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/05/06 07:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/02 16:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2012/03/02 13:56:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120302.002\ex64.sys -- (NAVEX15)
    DRV - [2012/03/02 13:56:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120302.002\eng64.sys -- (NAVENG)
    DRV - [2012/02/14 21:46:51 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/11 12:37:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/02/10 16:27:58 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120301.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/02/07 06:18:36 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&install_date=20111104
    IE - HKU\..\SearchScopes,DefaultScope = {899B35FF-D18B-8FBB-580A-E99390A9E0B2}
    IE - HKU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111104&iesrc={referrer:source}
    IE - HKU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\..\SearchScopes\{D668A068-2B89-F2FF-84F6-0EF49F50FF3D}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z141&form=ZGAIDF&install_date=20111026&iesrc={referrer:source}
    IE - HKU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
    IE - HKU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
  15. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "Bing"
    FF - prefs.js..browser.search.order.1: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://www.msn.com/"
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111104&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files (x86)\EpicPlay\npEpicHost.dll File not found
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Brian\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/02/28 02:52:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/02/11 12:43:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/22 05:25:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/29 12:08:32 | 000,000,000 | ---D | M]

    [2011/11/04 14:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
    [2012/03/02 19:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions
    [2012/01/25 21:36:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/02/14 17:09:31 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2011/11/18 12:12:29 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2012/02/14 10:34:37 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3uuj7dmi.default\extensions\m3ffxtbr@mywebsearch.com
    [2012/02/29 12:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/29 12:08:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/02/11 12:43:12 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPLGN
    [2012/02/17 17:11:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/29 12:08:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/11/17 11:14:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/02 19:27:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62D9C838-4FC6-49E4-B99C-D99C27363C2B}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-3369622933-3730519443-2053727403-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/02 20:26:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/02 19:35:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/02 19:20:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/02 19:20:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/02 19:20:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/02 19:20:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/02 19:18:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/02 19:16:38 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
    [2012/03/02 18:30:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
    [2012/03/02 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
    [2012/03/02 09:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/02 09:50:43 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/02 09:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/03/02 09:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/01 08:11:18 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/03/01 08:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
    [2012/02/29 17:49:31 | 000,000,000 | ---D | C] -- C:\Users\Brian\DoctorWeb
    [2012/02/29 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/02/29 12:08:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/02/29 12:08:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/02/29 12:08:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/02/27 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{F1299CD3-C2BF-4935-A631-0B8D93DC21B8}
    [2012/02/27 20:52:57 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{93D19997-418B-4D78-A175-9830E611C474}
    [2012/02/25 08:34:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/02/22 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2012/02/22 16:35:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
    [2012/02/22 05:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/02/22 05:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/02/22 05:25:10 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMa011.dll
    [2012/02/22 05:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/02/15 03:00:49 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/02/15 03:00:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/02/15 03:00:47 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/02/15 03:00:47 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/02/15 03:00:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/02/15 03:00:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/02/15 03:00:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/02/15 03:00:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/02/15 03:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/02/15 03:00:46 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/02/15 03:00:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/02/14 15:45:40 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
    [2012/02/14 15:45:39 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
    [2012/02/14 15:45:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
    [2012/02/14 15:45:36 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
    [2012/02/11 12:45:52 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa64.sys
    [2012/02/11 12:45:52 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.sys
    [2012/02/11 12:45:52 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds64.sys
    [2012/02/11 12:45:52 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnets.sys
    [2012/02/11 12:45:52 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ironx64.sys
    [2012/02/11 12:45:52 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.sys
    [2012/02/11 12:45:52 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.sys
    [2012/02/11 12:45:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091
    [2012/02/11 12:29:24 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/02/11 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/02/11 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/02/11 12:28:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
    [2012/02/11 12:28:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    [2012/02/11 12:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
    [2012/02/11 12:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2012/02/10 14:30:18 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{8040E164-3793-411C-A922-2CE8518F9570}
    [2012/02/06 17:13:08 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\My Albums
    [2012/02/06 16:56:47 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\WebCam Albums
    [2012/02/06 16:55:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\CrashDumps
    [2012/02/06 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Programs
    [2012/02/06 16:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 2
    [2012/02/06 16:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft VideoImpression 2
    [2012/02/06 16:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    [2012/02/06 16:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
    [2012/02/06 16:34:56 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\ArcSoft
    [2012/02/06 16:29:29 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ArcSoft
    [2012/02/06 16:28:55 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\InstallShield
    [2012/02/06 16:28:04 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
    [2012/02/06 16:27:40 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
    [2012/02/06 16:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2012/02/06 16:26:03 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
    [2012/02/06 16:25:56 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
    [2012/02/06 16:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
    [2012/02/06 16:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    [2012/02/05 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{F911358A-F41B-451A-8A50-994ED75CE1AB}
    [2012/02/05 23:15:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{7D7A37FA-ED73-4170-B766-6515425B0EED}
    [2012/02/05 23:15:05 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{F07E1BBC-5564-4535-971F-BB1329E62527}
    [2012/02/05 23:15:05 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{E4E435E3-34DC-4535-BA76-3D33F2D2AFD5}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/02 20:34:53 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/02 20:34:53 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/02 20:25:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/02 20:25:02 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/02 20:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001UA.job
    [2012/03/02 19:27:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/02 19:16:09 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
    [2012/03/02 18:45:48 | 000,000,512 | ---- | M] () -- C:\Users\Brian\Desktop\MBR.dat
    [2012/03/02 18:30:57 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Brian\Desktop\boot_cleaner.exe
    [2012/03/02 18:28:20 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
    [2012/03/02 16:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001Core.job
    [2012/03/02 09:50:44 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/01 08:11:18 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/03/01 08:06:11 | 002,335,270 | ---- | M] () -- C:\Windows\SysWow64\613DA6.mht
    [2012/02/29 17:19:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
    [2012/02/29 12:08:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/02/29 12:08:25 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/02/29 12:08:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/02/29 12:08:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/02/29 10:06:46 | 000,451,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/29 09:42:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/27 20:54:47 | 000,872,330 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/27 20:54:47 | 000,726,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/27 20:54:47 | 000,146,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/23 14:54:55 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/02/22 05:25:10 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:25:09 | 001,962,722 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\Cat.DB
    [2012/02/22 05:25:09 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:25:09 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:23:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/02/21 18:18:55 | 000,289,239 | ---- | M] () -- C:\Users\Brian\Documents\shepards pie.xps
    [2012/02/19 14:28:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/02/15 07:33:30 | 000,866,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/12 19:57:53 | 001,667,217 | ---- | M] () -- C:\Users\Public\Documents\sheperds pie.xps
    [2012/02/11 12:49:42 | 000,002,410 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2012/02/11 12:48:25 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\VT20111023.024
    [2012/02/11 12:47:08 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/02/11 12:47:08 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/02/11 12:47:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/02/06 16:46:30 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\WebCam Companion 2.lnk
    [2012/02/06 16:45:58 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Video Impression 2.lnk
    [2012/02/06 16:45:15 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Webcam User’s Guide.lnk
    [2012/02/06 16:29:06 | 000,001,706 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
    [2012/02/05 16:50:23 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


    [2011/02/28 02:43:16 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2011/02/28 02:43:55 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/11/04 13:24:57 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/11/04 13:29:04 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2011/02/28 02:44:19 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    ========== Files Created - No Company Name ==========

    [2012/03/02 19:20:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/02 19:20:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/02 19:20:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/02 19:20:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/02 19:20:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/02 18:45:48 | 000,000,512 | ---- | C] () -- C:\Users\Brian\Desktop\MBR.dat
    [2012/03/02 09:50:44 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/01 08:06:11 | 002,335,270 | ---- | C] () -- C:\Windows\SysWow64\613DA6.mht
    [2012/02/29 10:06:33 | 000,451,192 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/22 05:25:10 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:25:09 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:25:09 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
    [2012/02/22 05:23:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/02/21 18:18:52 | 000,289,239 | ---- | C] () -- C:\Users\Brian\Documents\shepards pie.xps
    [2012/02/12 19:57:49 | 001,667,217 | ---- | C] () -- C:\Users\Public\Documents\sheperds pie.xps
    [2012/02/11 12:48:25 | 001,962,722 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\Cat.DB
    [2012/02/11 12:48:25 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\VT20111023.024
    [2012/02/11 12:45:52 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds64.cat
    [2012/02/11 12:45:52 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.cat
    [2012/02/11 12:45:52 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.cat
    [2012/02/11 12:45:52 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa64.cat
    [2012/02/11 12:45:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnet64.cat
    [2012/02/11 12:45:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.cat
    [2012/02/11 12:45:52 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\iron.cat
    [2012/02/11 12:45:52 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa.inf
    [2012/02/11 12:45:52 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds.inf
    [2012/02/11 12:45:52 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnet.inf
    [2012/02/11 12:45:52 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.inf
    [2012/02/11 12:45:52 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.inf
    [2012/02/11 12:45:52 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.inf
    [2012/02/11 12:45:52 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\iron.inf
    [2012/02/11 12:45:37 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symvtcer.dat
    [2012/02/11 12:45:37 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\isolate.ini
    [2012/02/11 12:29:24 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/02/11 12:29:24 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/02/11 12:29:19 | 000,002,410 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2012/02/06 16:46:28 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\WebCam Companion 2.lnk
    [2012/02/06 16:45:58 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Video Impression 2.lnk
    [2012/02/06 16:45:15 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Webcam User’s Guide.lnk
    [2012/02/06 16:29:06 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
    [2012/02/06 16:20:55 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/01/31 16:33:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/10/26 11:05:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/10/25 13:03:20 | 000,866,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/28 02:30:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/02/28 02:25:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/02/28 02:23:27 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/02/28 02:22:46 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/02/28 02:22:46 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/12/17 01:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2010/11/04 13:37:46 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2010/06/15 20:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2012/03/02 19:35:01 | 000,035,780 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/02 20:25:02 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/02 20:25:07 | 2128,461,823 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/10/24 13:13:57 | 000,000,221 | -HS- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/02 18:28:20 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
    [2012/03/02 18:30:57 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Brian\Desktop\boot_cleaner.exe
    [2012/03/02 19:16:09 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/02 16:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001Core.job
    [2012/03/02 20:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3369622933-3730519443-2053727403-1001UA.job
    [2012/02/29 17:19:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
    [2012/03/02 20:25:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/13 23:08:49 | 000,031,744 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/15 07:23:15 | 000,000,402 | -HS- | M] () -- C:\Users\Brian\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/22 05:23:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/02/22 09:51:18 | 000,006,175 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2012/02/05 16:50:23 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/02/28 02:44:02 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/11/04 13:29:30 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2011/02/28 02:43:44 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/11/04 13:25:53 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2011/02/28 02:43:16 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2011/02/28 02:43:55 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/11/04 13:24:57 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/11/04 13:29:04 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2011/02/28 02:44:19 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    I still need Extras.txt.
     
  18. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    extras.txt 1-of-3 post

    duplicate....
     
  19. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    2-of3

    duplicate...
     
  20. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    3-of-3

    duplicate...
     
  21. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    computer stat no joy

    it seams that the bug is giting stronger know it is trying to redirect me in firefox as well as on re-boot there is a camand edit box that flashes for a sec then gone I cons still not loding
     
  22. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    was the corect fille pastid

    did I give you the wright extras.txt fille
     
  23. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    there were to extra txt filles here is number 2 /1 -of-3

    OTL Extras logfile created on: 3/2/2012 8:32:22 PM - Run 1
    OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Brian\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.17% Memory free
    11.96 Gb Paging File | 9.78 Gb Available in Paging File | 81.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 666.69 Gb Total Space | 372.17 Gb Free Space | 55.82% Space Free | Partition Type: NTFS
    Drive D: | 31.65 Gb Total Space | 4.37 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-HP-2 | User Name: Brian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3369622933-3730519443-2053727403-1001\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
  24. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    2-of3

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
    "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9705720D-1EE1-BAEC-8DE8-D320386FD72F}" = ATI Catalyst Install Manager
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
    "{C29EFC9A-8013-2CE7-06BD-A758D3E9A0CD}" = ccc-utility64
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 5.3.0 (64-bit)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
    "{01C00A84-1735-DC96-C9E7-E58FBE4E45E8}" = CCC Help Chinese Traditional
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{045C16AD-B2E5-43D0-BB51-2F1987D91038}" = HP Documentation
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{1857C022-C1CD-B6FC-C42D-8DFDC7172B70}" = CCC Help English
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1BD7620A-E5D9-4E57-A7A1-08BFA9005BAC}" = Bing Bar
    "{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{22E0435B-757A-AD98-264C-0A4AA3690831}" = CCC Help Spanish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{277AEF05-D6FB-47F1-17AB-E2DA3827EAD6}" = CCC Help Swedish
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B9D24D0-5DE9-64F7-5EA7-DC1ACECC8282}" = CCC Help Norwegian
    "{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}" = ArcSoft WebCam Companion 2
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40E94520-B394-2EA8-8664-ADFFC611783C}" = CCC Help Polish
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C1FCA59-F16F-84EC-3C92-D7407EB82562}" = CCC Help Chinese Standard
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68E65DEF-C2E8-83E3-E327-B3F8C4FDCFD2}" = CCC Help Korean
    "{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6E7EB33D-989E-C4F3-7D1A-09FDEC83E144}" = CCC Help Russian
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70D50054-7473-C4F0-F4A6-C5EDFC464C69}" = CCC Help Finnish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{719842F9-FF69-4BA6-A6FE-52244575E0B3}" = ArcSoft VideoImpression 2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8B7B738B-90E4-83AC-515B-22E3304AA06E}" = CCC Help German
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3
     
  25. Brianneedshelp

    Brianneedshelp TS Member Topic Starter Posts: 77

    3-of-3

    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92A2E97D-7C1C-0710-C6D8-13977C8B48AA}" = CCC Help Greek
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97539F33-496C-1D37-964A-5A7952824839}" = Catalyst Control Center Graphics Previews Vista
    "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B0D048D-FF81-B725-A567-6AC84FF23E15}" = CCC Help Portuguese
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A4F629E5-EFDE-371E-33D5-8749A3A34704}" = PX Profile Update
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B1951667-F3A9-9DD4-A05F-D1E03688D4A5}" = ccc-core-static
    "{B34A96AE-03BC-32B1-42D2-931EEDE8D016}" = CCC Help Italian
    "{BA5D7595-B18C-C29D-E031-FC40A9AAD947}" = Catalyst Control Center Localization All
    "{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch
    "{BBE693A6-2481-FDD6-AEB5-39AB81B2D96B}" = CCC Help Hungarian
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5CD3757-C3F6-7B11-5546-D9A271519937}" = CCC Help French
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC648CEB-5A6F-8692-1E3A-469BEECD773A}" = Catalyst Control Center InstallProxy
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{CD9ACDC0-E9A4-E969-6867-04BAD8FFBCF6}" = Catalyst Control Center Graphics Previews Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D11CF177-AA3B-2CF1-6647-F9666C5E8231}" = CCC Help Turkish
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
    "{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User’s Guide
    "{D351842E-D93B-5E33-961D-6C02467341C4}" = CCC Help Thai
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E60A300A-D251-03FB-B50F-33DFB54A9657}" = CCC Help Dutch
    "{E660751F-6554-385D-7269-7D8B2707EA49}" = CCC Help Czech
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
    "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
    "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
    "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
    "{F8423392-2296-4748-9B66-344432459632}" = PureHD
    "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
    "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
    "{FA439F3E-1B33-C2A1-90C4-4A9D85EAF782}" = CCC Help Danish
    "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FCE26600-665A-C665-660E-72D3F2E30370}" = CCC Help Japanese
    "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CrossLoop_is1" = CrossLoop 2.81
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Fences Pro" = Fences Pro
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Miro" = Miro
    "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "NAV" = Norton AntiVirus
    "StartNow Toolbar" = StartNow Toolbar
    "VLC media player" = VLC media player 1.1.11
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZumoDrive" = HP CloudDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3369622933-3730519443-2053727403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.