
Thread: Can't get rid of ad.yieldmanager.com

  1. #11
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    Crazy - I just re-ran Spybot and it's still finding the yieldmanager thing. I guess I'm stuck with it. Oh well.

    Thanks for your help!

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's see if we can pinpoint where it's at. First add these to the blocked sites in both IE and FF: yieldmanager.net and .content.yieldmanager.com

    Then run Spybot again and post the log from the scan.
    Last edited by ken545; 2012-03-19 at 12:12.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    Here is the Spybot log:

    --- Search result list ---
    Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, fixed)




  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I don't see any trace of it on your Spybot log.

    Download and Run SystemLook

    You need to run the 64Bit version
    http://jpshortstuff.247fixes.com/bet...emLook_x64.exe
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      yieldmanager.net
      content.yieldmanager.com 
      :regfind
      yieldmanager.net
      content.yieldmanager.com
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    Here is the log - didn't seem to find anything.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Quite the contrary, it found it in the Windows registry.

    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    If you saved the file correctly it should look like this:


    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\yieldmanager.net]
    [-HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\yieldmanager.net]




    Then reboot and run Spybot again, and if it shows up, post the report so I can see where it is.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
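
    A read-only check for the registry keys targeted by the Regfix.reg in post #16, as an added example that is not part of the original thread: it lists every loaded user hive that still holds a P3P History subkey for the domain and exports a backup of each before anything is merged. The function name `Find-P3PHistoryKey` and the backup folder are assumptions made for this example; the registry path and domain are the ones quoted in the post.

```powershell
# Added example, not from the thread. Read-only apart from writing backup files.
# Written to run on Windows PowerShell 2.0 (the version shipped with Windows 7 SP1).

$Domain  = 'yieldmanager.net'   # domain named in the thread
$SubPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History'
$Backup  = Join-Path $env:USERPROFILE 'Desktop\P3P-backup'   # assumed location

function Find-P3PHistoryKey {
    param(
        [string]$Domain,
        [string]$SubPath
    )
    # HKEY_USERS has one subkey per loaded profile, named by SID.
    # HKEY_CURRENT_USER is only an alias for the caller's own SID subkey,
    # which is why the .reg file in the thread lists the same key twice.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid        = $_.PSChildName
            $historyKey = "Registry::HKEY_USERS\$sid\$SubPath"
            if (Test-Path -LiteralPath $historyKey) {
                Get-ChildItem -LiteralPath $historyKey -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSChildName -like "*$Domain*" } |
                    ForEach-Object {
                        New-Object PSObject -Property @{
                            Sid = $sid
                            Key = $_.Name    # e.g. HKEY_USERS\<SID>\...\History\<domain>
                        }
                    }
            }
        }
}

$hits = @(Find-P3PHistoryKey -Domain $Domain -SubPath $SubPath)

if ($hits.Count -eq 0) {
    "No P3P History key for $Domain in any loaded user hive."
}
else {
    if (-not (Test-Path -LiteralPath $Backup)) {
        New-Item -ItemType Directory -Path $Backup | Out-Null
    }
    $i = 0
    foreach ($hit in $hits) {
        # Export each key so the deletion can be undone by merging the backup.
        $file = Join-Path $Backup ("p3p-history-{0}.reg" -f $i)
        & reg.exe export $hit.Key $file /y | Out-Null
        "Found:  $($hit.Key)"
        "Backup: $file"
        $i++
    }
}
```

    Running it again after the merge and reboot shows whether the keys were actually removed or were recreated by the browser.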

  7. #17
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    still there :(


    --- Search result list ---
    Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    --- System information ---
    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    Namespace Provider 5: WindowsLive Local NSP
    GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    Namespace Provider 6: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 7: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 8: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    This is a bogus program

    {ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: HelloWorldBHO
    CLSID name: hpBHO Class
    Path: C:\Program Files (x86)\Common Files\Homepage Protection\
    Long name: HomepageProtection.dll
    Short name: HOMEPA~1.DLL
    Date (created): 6/8/2009 5:41:24 PM
    Date (last access): 8/15/2009 1:48:34 AM
    Date (last write): 6/8/2009 5:41:24 PM
    Filesize: 120104
    Attributes: archive
    MD5: 097E5757DCC2DFEBEB5502218DC707EF
    CRC32: 929EA499
    Version: 1.0.0.4




    You have the TeaTimer active in Spybot; it may be preventing the removal of Yieldmanager.

    • Run Spybot-S&D in Advanced Mode.
    • If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    • On the left hand side, Click on Tools
    • Then click on the Resident Icon in the List
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer. <-- You need to do this for it to take effect





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  9. #19
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    Default

    I turned off TeaTimer and reran Spybot, removed it, and reran it and it was still there. But for the future, should I leave that TeaTimer turned off?

    What about the 'helloworld', do I need to do something with that?

    Meanwhile, here is the extra log from OTL. OTL to follow in another post.

    OTL Extras logfile created on: 3/20/2012 8:30:29 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.18% Memory free
    7.81 Gb Paging File | 5.84 Gb Available in Paging File | 74.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.73 Gb Total Space | 206.11 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
    Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

    Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2EC00E62-AA90-4016-AA27-B2CD0FD17B3A}" = Cruise Shark
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
    "{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
    "{76AD2AAC-14EE-4CE3-958A-BB3DF65E7F06}" = USB-Ir Adapter
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
    "{A19E1C26-6DAF-AFDC-4EFF-EFF7FA36F72D}" = Jacquie Lawson London Advent Calendar
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1653171-8073-03A8-353B-3E6139E154A9}" = KODAK Gallery Upload Software
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Presenter 7" = Adobe Presenter 7
    "CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Cisco Connect" = Cisco Connect
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "com.kodakgallery.AirUploader" = KODAK Gallery Upload Software
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Digital Editions" = Adobe Digital Editions
    "ePatLauncher" = ePatLauncher
    "Google Calendar Sync" = Google Calendar Sync
    "Homepage Protection" = Homepage Protection
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "IrfanView" = IrfanView (remove only)
    "JLAdventCalendarLondon2011" = Jacquie Lawson London Advent Calendar
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MyCamera" = Canon Utilities MyCamera
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9158

    Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9158

    Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 17118536

    Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 17118536

    Error - 11/17/2011 2:04:21 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/17/2011 3:12:08 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/17/2011 4:00:23 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
    Description = Client application registered 2 identical instances of service Courtney’s\032Library._home-sharing._tcp.local.
    port 3689.

    Error - 11/17/2011 4:00:50 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Hewlett-Packard Events ]
    Error - 12/29/2011 7:55:52 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/5/2012 8:51:33 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/12/2012 5:28:55 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 2/2/2012 2:18:49 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 2/9/2012 12:21:56 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 2/9/2012 12:23:09 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/1/2012 4:06:46 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/6/2012 5:30:13 PM | Computer Name = Courtney-NB2 | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
    Source:
    HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 50 TargetSite: Void SyncMessengerWithNotifySettings()

    Error - 3/6/2012 5:30:16 PM | Computer Name = Courtney-NB2 | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
    Source:
    HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 50 TargetSite: Void SyncMessengerWithNotifySettings()

    Error - 3/12/2012 12:15:47 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 9/7/2011 8:14:30 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 9/8/2011 1:03:37 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/8/2011 7:40:07 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/9/2011 9:01:36 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/11/2011 7:01:51 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/12/2011 2:40:17 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/13/2011 11:07:03 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/13/2011 6:48:48 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/16/2011 8:16:28 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/16/2011 8:22:41 AM | Computer Name = Courtney-NB2 | Source = DCOM | ID = 10010
    Description =


    < End of report >

  10. #20
    Junior Member
    Join Date
    Mar 2012
    Posts
    28

    and the OTL.txt:
    OTL logfile created on: 3/20/2012 8:30:29 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.18% Memory free
    7.81 Gb Paging File | 5.84 Gb Available in Paging File | 74.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.73 Gb Total Space | 206.11 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
    Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

    Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
    SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
    DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
    DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
    DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys ()
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
    DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\ENG64.SYS (Symantec Corporation)
    DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "yahoo.com"
    FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 13:43:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 16:11:51 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]

    [2010/06/15 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
    [2011/07/29 12:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\yfvqc6wy.default\extensions
    [2012/03/20 13:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
    [2012/03/20 13:43:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
    [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/01 17:24:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/02/16 13:53:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 13:53:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: IBA Opt-out (by Google) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_2\

    O1 HOSTS File: ([2012/03/02 19:29:58 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15172 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/20 16:34:52 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
    [2012/03/18 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
    [2012/03/18 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Malwarebytes
    [2012/03/18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/14 10:23:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/03/14 10:23:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/03/14 10:23:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/03/14 10:03:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012/03/14 10:02:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2012/03/14 10:02:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
    [2012/03/14 10:02:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
    [2012/03/14 10:02:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
    [2012/03/14 10:02:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
    [2012/03/14 09:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/03/10 15:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/09 16:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
    [2012/03/06 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\52DA4B3F-6A18-4801-84B4-86F0D4A97B7D.aplzod
    [2012/03/01 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/03/01 17:25:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/03/01 17:25:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/03/01 17:25:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/02/25 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\.minecraft

    ========== Files - Modified Within 30 Days ==========

    [2012/03/20 20:01:54 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/20 20:01:54 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/20 19:52:52 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2012/03/20 19:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/20 19:51:20 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/20 19:11:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001UA.job
    [2012/03/20 16:34:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
    [2012/03/20 15:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001Core.job
    [2012/03/20 13:27:04 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/03/20 13:27:04 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/03/20 13:21:27 | 000,000,272 | ---- | M] () -- C:\Users\Courtney\Desktop\regfix.reg
    [2012/03/19 20:32:26 | 000,095,744 | ---- | M] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
    [2012/03/18 20:37:27 | 000,749,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/18 20:37:27 | 000,639,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/18 20:37:27 | 000,113,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/18 17:39:41 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/18 17:27:01 | 000,398,036 | ---- | M] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
    [2012/03/17 12:20:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
    [2012/03/14 14:19:41 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/14 09:59:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/13 11:25:13 | 000,842,949 | ---- | M] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
    [2012/03/09 16:53:04 | 000,000,319 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/03/06 16:54:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/03/02 19:29:58 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/01 17:24:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/03/01 17:24:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/02/24 21:24:27 | 000,441,415 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup

    ========== Files Created - No Company Name ==========

    [2012/03/20 19:52:52 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2012/03/20 13:21:27 | 000,000,272 | ---- | C] () -- C:\Users\Courtney\Desktop\regfix.reg
    [2012/03/19 20:32:24 | 000,095,744 | ---- | C] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
    [2012/03/18 17:39:41 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/18 17:27:01 | 000,398,036 | ---- | C] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
    [2012/03/14 09:59:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/13 11:25:10 | 000,842,949 | ---- | C] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
    [2012/03/09 16:51:54 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/11/13 16:49:31 | 000,207,061 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
    [2011/11/13 16:49:31 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
    [2011/06/15 20:19:22 | 000,205,644 | ---- | C] () -- C:\Windows\hpoins46.dat
    [2011/04/24 21:05:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/04/24 21:05:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/02/25 08:39:49 | 000,001,854 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\GhostObjGAFix.xml
    [2011/01/05 21:13:18 | 000,005,632 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/22 16:37:31 | 000,038,431 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/22 15:16:26 | 000,199,528 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/07/20 10:58:34 | 000,737,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/07 10:45:53 | 000,029,059 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/06/20 13:34:28 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/06/14 21:30:43 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/03/31 20:34:36 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

    ========== LOP Check ==========

    [2012/02/25 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\.minecraft
    [2010/09/20 10:37:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Catalina Marketing Corp
    [2010/08/09 15:27:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/25 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.amazon.music.uploader
    [2011/04/08 10:13:53 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.kodakgallery.AirUploader
    [2011/01/24 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IrfanView
    [2011/11/17 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\JLAdventCalendarLondon2011
    [2011/08/18 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\OverDrive
    [2010/06/15 17:02:58 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\WildTangent
    [2012/03/20 19:52:52 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/12/11 09:03:22 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
