Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

adnxs virus??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

adnxs virus??

Unread postby adibari » May 29th, 2012, 1:22 pm

Hello Everyone,

I am new here and very frustrated! I believe that our PC has the adnxs pop up virus and have similar issues to another user of this board. I am able to go to websites, but get random pop ups in the lower right hand corner that state "You are the 999,999 visitor...." or the like. I also have problems using the back arrow when this pops up. I have tried running various identification tools and have been able to remove some other issues, but I am believe my host file is infected (although when I pull it up it doesn't show anything out of the ordinary).

I have included the logs below (I posted before and apparently all of the log didn't copy - my apologies)...thank you in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Amy and Pat DiBari at 13:16:32 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6402 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAsse ... ontrol.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4B738C93-0227-4E00-B4F8-EBCB8229C17B} : DhcpNameServer = 216.40.77.126 216.40.77.244
TCP: Interfaces\{AE614D11-4321-4961-BD26-53BF0845F2C5} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 108.163.215.51 http://www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 http://www.statcounter.com.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-5-26 1160824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120528.001\IDSviA64.sys [2012-5-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-29 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-26 138232]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-31 2656536]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-5 84080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-26 138360]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-29 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-29 12:46:30 -------- d-----w- C:\ProgramData\Recovery
2012-05-29 04:21:50 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\Google
2012-05-29 03:57:03 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Roaming\SparkPDF
2012-05-29 03:54:29 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Roaming\Babylon
2012-05-29 03:54:29 -------- d-----w- C:\ProgramData\Babylon
2012-05-29 01:13:11 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Roaming\Curiolab
2012-05-26 17:53:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-26 17:53:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-26 17:14:10 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2012-05-26 12:31:33 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-26 12:31:33 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-26 12:31:12 737912 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtsp64.sys
2012-05-26 12:31:12 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymDS64.sys
2012-05-26 12:31:12 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symnets.sys
2012-05-26 12:31:12 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtspx64.sys
2012-05-26 12:31:12 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\Ironx64.sys
2012-05-26 12:31:12 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ccSetx64.sys
2012-05-26 12:31:12 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymEFA64.sys
2012-05-26 12:31:07 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602010.005
2012-05-26 12:31:07 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-26 12:31:06 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-05-26 12:25:17 -------- d-----w- C:\ProgramData\PCSettings
2012-05-26 12:17:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-25 12:56:17 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45A972CF-3285-471D-B069-79AD260A4528}\mpengine.dll
2012-05-24 03:49:45 -------- d-sh--w- C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software
2012-05-24 03:49:45 -------- d-sh--w- C:\ProgramData\BAQBS
2012-05-24 03:49:34 -------- d-sh--w- C:\ProgramData\1c92d5
2012-05-23 23:17:21 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-23 23:17:10 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-23 23:17:02 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-23 23:16:54 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-13 21:41:52 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946}
2012-05-13 21:41:43 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{651A00DA-7A8B-461C-A2BE-F0793E0C8417}
2012-05-08 12:42:15 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\Adobe
2012-05-08 12:40:03 -------- d-----w- C:\ProgramData\PDFC
2012-05-07 21:16:07 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{F82ED6C8-DA20-4792-8033-A37244B78874}
2012-05-07 21:15:58 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{44B1830E-2145-4931-AB5F-3239A3470810}
2012-05-07 21:09:56 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{9DF8CB6B-3B7C-4070-ADA7-0BC8AD78D30A}
2012-05-07 21:09:46 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{1DF01F79-61F7-4C14-A13B-8EA8FCC507A8}
2012-05-03 02:03:52 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{2EBBF709-CA66-4204-9311-EA8A3A82AFAD}
2012-05-03 02:03:42 -------- d-----w- C:\Users\Amy and Pat DiBari\AppData\Local\{BF3EB38A-F4B2-405A-A027-E4505D27AC3D}
2012-04-30 18:45:59 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-30 18:43:14 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2012-04-30 18:43:14 389120 ----a-w- C:\Windows\SysWow64\actskn43.ocx
.
==================== Find3M ====================
.
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 13:16:47.59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2012 8:41:15 AM
System Uptime: 5/29/2012 1:37:01 AM (12 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AC2
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 745.843 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.059 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is FIXED (NTFS) - 297 GiB total, 41.114 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 5/9/2012 7:28:48 PM - HPSF Applying updates
RP17: 5/11/2012 7:26:53 AM - Windows Update
RP18: 5/14/2012 3:00:23 AM - Windows Update
RP19: 5/18/2012 9:22:46 AM - Windows Update
RP20: 5/22/2012 8:32:11 AM - Windows Update
RP21: 5/25/2012 8:56:02 AM - Windows Update
RP22: 5/28/2012 8:50:39 PM - Removed Adobe Reader X (10.1.3).
RP23: 5/29/2012 8:59:39 AM - Removed BabylonObjectInstaller
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Bubble Wrap
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Chuzzle Deluxe
Cradle of Rome 2
D3DX10
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
Facebook
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP Calendar
HP Clock
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
HP RSS
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP TouchSmart RecipeBox
HP Update
HP Weather
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
LabelPrint
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Mesh Runtime
Metric Converter
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Norton 360
opensource
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spot
Tap Tap Bear
The Treasures of Mystery Island: The Ghost Ship
Torchlight
TSHostedAppLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VIP Access
VIP Access SDK (1.0.1.4)
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
5/23/2012 7:03:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
adibari
Active Member
 
Posts: 5
Joined: May 29th, 2012, 9:33 am
Advertisement
Register to Remove

Re: adnxs virus??

Unread postby maxi » May 30th, 2012, 5:54 am

Hello adibari,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: adnxs virus??

Unread postby maxi » May 31st, 2012, 3:13 pm

Hi adibari

Step 1
Regbak
Backup Vista or Windows 7 registry.

Please download regbak.zip... Copyright © 2002 - 2012 Acelogix Software and save it to your Desktop.
  1. Unzip or extract all files to your desktop or other convenient place.
  2. Right click regbak64.exe ... choose "Run As Administrator".
  3. Allow the backup location to default to the shown folder.
  4. Make sure the following (default) hives are selected for backup:
    • System
    • Current User
    • Other available hives
  5. Press the "Advanced Options" link.
    In the "Default backup folder" box ...copy and paste the following to the END of the line (no spaces)
    <TIME>\
    It should look like: %SystemRoot%\RegBak\<DATE>\<TIME>\
    This adds the current time to the folder name, allowing multiple backups in one day, without removing previous backups.
    DO NOT change any other options.
  6. Press OK. Reply Yes to any folder creation prompts.
  7. Press Start at the confirmation screen.
  8. When the backup has successfully completed... press Cancel to end the program.

Step 2
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Step 3
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 4
SystemLook
Please download SystemLook_x64.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code: Select all
    :dir
    C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software
    C:\ProgramData\BAQBS
    C:\ProgramData\1c92d5
    C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946}
    
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

In your next reply please include:
Both OTL logfiles.
The aswMBR logfile.
The systemlook logfile.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: adnxs virus??

Unread postby adibari » June 1st, 2012, 9:11 am

Please let me know if I missed anything....thanks again!

OTL logfile created on: 6/1/2012 8:40:34 AM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Amy and Pat DiBari\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.77% Memory free
15.82 Gb Paging File | 13.66 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.91 Gb Total Space | 747.76 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive D: | 16.50 Gb Total Space | 2.06 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 297.44 Gb Total Space | 41.11 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: AMYANDPATDIBARI | User Name: Amy and Pat DiBari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 09:28:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Amy and Pat DiBari\Desktop\OTL.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/01/31 18:07:50 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/12/05 12:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/07/20 15:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 21:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 03:13:03 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
MOD - [2012/05/14 03:13:02 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012/05/14 03:12:08 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0b61a086e3bec9ddde1a1a4722a9142d\ReachFramework.ni.dll
MOD - [2012/05/14 03:11:57 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/14 03:11:57 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/14 03:11:57 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/05/14 03:05:06 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e5b4cfcb67e63b4fc7119c4ac1072603\PresentationCore.ni.dll
MOD - [2012/05/14 03:05:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\568a3f5fb8fba4184c0d60bfb40a205c\WindowsBase.ni.dll
MOD - [2012/05/14 03:03:45 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\57a4cb79e5e78482ed20705145cdece9\System.Windows.Forms.ni.dll
MOD - [2012/05/14 03:03:44 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/14 03:03:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/14 03:03:40 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ee7975d7a04786153df726008c62d44b\System.Drawing.ni.dll
MOD - [2012/05/14 03:03:40 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/14 03:03:39 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/14 03:03:35 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/17 02:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/11/20 23:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/05 12:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/09/09 21:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/08/01 18:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 15:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 21:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/26 08:31:33 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 18:13:24 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/01/31 17:49:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/31 17:49:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/09/19 04:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 03:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/11 15:19:50 | 001,582,144 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/08/04 07:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 10:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/06/01 06:55:50 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120531.036\ex64.sys -- (NAVEX15)
DRV - [2012/06/01 06:55:50 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120531.036\eng64.sys -- (NAVENG)
DRV - [2012/05/30 23:19:23 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/30 23:19:23 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - [2012/05/25 15:09:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120531.003\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/25 01:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/03 21:44:36 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120517.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111971&tt=220512_53all&babsrc=SP_ss&mntrId=d233668d0000000000009cb70de05b84
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/26 08:31:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/05/28 22:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/04/17 08:41:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/26 08:54:51 | 000,001,283 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?A ... &keywords=%w
O7 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B738C93-0227-4E00-B4F8-EBCB8229C17B}: DhcpNameServer = 216.40.77.126 216.40.77.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE614D11-4321-4961-BD26-53BF0845F2C5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/08 15:19:29 | 000,000,097 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 13:55:32 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9dc1f44a-4c64-11e1-8f79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9dc1f44a-4c64-11e1-8f79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Disneyfile_DigitalCopy.exe -- [2010/11/08 15:19:29 | 000,446,464 | ---- | M] ()
O33 - MountPoints2\{a9987d09-888b-11e1-b7fb-e840f268037e}\Shell - "" = AutoRun
O33 - MountPoints2\{a9987d09-888b-11e1-b7fb-e840f268037e}\Shell\AutoRun\command - "" = J:\HPLauncher.exe -- [2009/05/18 12:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 08:39:21 | 000,000,000 | ---D | C] -- C:\Windows\RegBak
[2012/06/01 08:37:03 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\Desktop\regbak
[2012/05/31 18:58:34 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\com.TeachTown.Basics
[2012/05/31 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TeachTown Basics 2.0
[2012/05/31 18:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeachTown
[2012/05/31 18:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeachTown
[2012/05/31 18:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/05/31 18:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TeachTownAIRInstaller
[2012/05/29 13:43:32 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\Desktop\New folder
[2012/05/29 09:43:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Amy and Pat DiBari\Desktop\dds.scr
[2012/05/29 09:28:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Amy and Pat DiBari\Desktop\OTL.exe
[2012/05/29 08:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/05/29 00:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/29 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\Google
[2012/05/29 00:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/05/29 00:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/05/29 00:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/28 23:57:03 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\SparkPDF
[2012/05/28 23:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/05/28 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/05/28 23:56:01 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Real
[2012/05/28 23:54:29 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Babylon
[2012/05/28 23:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/28 21:13:11 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Curiolab
[2012/05/26 13:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/26 13:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/26 13:14:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2012/05/26 08:51:03 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\Documents\Symantec
[2012/05/26 08:31:33 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/26 08:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/05/26 08:31:12 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.sys
[2012/05/26 08:31:12 | 000,737,912 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys
[2012/05/26 08:31:12 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS64.sys
[2012/05/26 08:31:12 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys
[2012/05/26 08:31:12 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Ironx64.sys
[2012/05/26 08:31:12 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.sys
[2012/05/26 08:31:12 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys
[2012/05/26 08:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/05/26 08:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0602010.005
[2012/05/26 08:31:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/05/26 08:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/05/26 08:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012/05/26 08:24:44 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/05/26 08:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/05/23 23:49:45 | 000,000,000 | -HSD | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software
[2012/05/23 23:49:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\BAQBS
[2012/05/23 23:49:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\1c92d5
[2012/05/13 17:41:52 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946}
[2012/05/13 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{651A00DA-7A8B-461C-A2BE-F0793E0C8417}
[2012/05/13 13:05:19 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/13 13:05:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/13 13:05:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/13 13:05:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/08 08:42:15 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\Adobe
[2012/05/08 08:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/05/08 08:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/08 08:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/05/07 17:16:07 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{F82ED6C8-DA20-4792-8033-A37244B78874}
[2012/05/07 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{44B1830E-2145-4931-AB5F-3239A3470810}
[2012/05/07 17:09:56 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{9DF8CB6B-3B7C-4070-ADA7-0BC8AD78D30A}
[2012/05/07 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{1DF01F79-61F7-4C14-A13B-8EA8FCC507A8}
[2012/05/02 22:03:52 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{2EBBF709-CA66-4204-9311-EA8A3A82AFAD}
[2012/05/02 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{BF3EB38A-F4B2-405A-A027-E4505D27AC3D}
[1 C:\Users\Amy and Pat DiBari\*.tmp files -> C:\Users\Amy and Pat DiBari\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/01 08:31:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 07:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/01 06:51:23 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 20:12:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 20:12:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 18:34:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\TeachTown Basics 2.0.lnk
[2012/05/30 19:35:49 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAmy and Pat DiBari.job
[2012/05/29 09:43:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Amy and Pat DiBari\Desktop\dds.scr
[2012/05/29 09:28:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Amy and Pat DiBari\Desktop\OTL.exe
[2012/05/29 00:21:29 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/28 23:54:44 | 000,001,540 | ---- | M] () -- C:\user.js
[2012/05/28 22:58:41 | 000,778,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 22:58:41 | 000,660,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 22:58:41 | 000,120,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 22:54:16 | 2073,964,543 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/26 08:54:51 | 000,001,283 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/26 08:52:45 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
[2012/05/26 08:31:47 | 001,586,590 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012/05/26 08:31:33 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/26 08:31:33 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/26 08:31:33 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/05/26 08:31:23 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/05/14 03:21:13 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 03:55:01 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\isolate.ini
[2012/05/10 18:13:28 | 000,000,089 | ---- | M] () -- C:\Users\Amy and Pat DiBari\AppData\Local\msmathematics.qat.Amy and Pat DiBari
[2012/05/08 14:37:43 | 000,004,608 | ---- | M] () -- C:\Users\Amy and Pat DiBari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 17:42:01 | 003,260,671 | ---- | M] () -- C:\Users\Amy and Pat DiBari\Documents\SEAC_Awards_Show_2012.ppsx
[1 C:\Users\Amy and Pat DiBari\*.tmp files -> C:\Users\Amy and Pat DiBari\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/01 08:36:26 | 000,313,708 | ---- | C] () -- C:\Users\Amy and Pat DiBari\Desktop\regbak.zip
[2012/05/31 18:34:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\TeachTown Basics 2.0.lnk
[2012/05/29 00:21:53 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 00:21:52 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 00:21:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/29 00:21:29 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/28 23:54:40 | 000,001,540 | ---- | C] () -- C:\user.js
[2012/05/26 08:52:50 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
[2012/05/26 08:31:34 | 001,586,590 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012/05/26 08:31:33 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/26 08:31:33 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/05/26 08:31:23 | 000,002,373 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/05/26 08:31:08 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA.inf
[2012/05/26 08:31:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS.inf
[2012/05/26 08:31:08 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymNet.inf
[2012/05/26 08:31:08 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.inf
[2012/05/26 08:31:08 | 000,001,419 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.inf
[2012/05/26 08:31:08 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.inf
[2012/05/26 08:31:08 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Iron.inf
[2012/05/26 08:31:07 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS64.cat
[2012/05/26 08:31:07 | 000,007,468 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.cat
[2012/05/26 08:31:07 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.cat
[2012/05/26 08:31:07 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.cat
[2012/05/26 08:31:07 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnet64.cat
[2012/05/26 08:31:07 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.cat
[2012/05/26 08:31:07 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\iron.cat
[2012/05/26 08:31:07 | 000,004,782 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymVTcer.dat
[2012/05/26 08:31:07 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\isolate.ini
[2012/05/10 18:13:28 | 000,000,089 | ---- | C] () -- C:\Users\Amy and Pat DiBari\AppData\Local\msmathematics.qat.Amy and Pat DiBari
[2012/05/08 12:43:46 | 000,004,608 | ---- | C] () -- C:\Users\Amy and Pat DiBari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 17:42:00 | 003,260,671 | ---- | C] () -- C:\Users\Amy and Pat DiBari\Documents\SEAC_Awards_Show_2012.ppsx
[2012/01/31 17:49:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/31 17:49:37 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/31 17:49:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/12 19:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 13:15:43 | 000,771,986 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >


OTL Extras logfile created on: 6/1/2012 8:40:34 AM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Amy and Pat DiBari\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.77% Memory free
15.82 Gb Paging File | 13.66 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.91 Gb Total Space | 747.76 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive D: | 16.50 Gb Total Space | 2.06 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 297.44 Gb Total Space | 41.11 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: AMYANDPATDIBARI | User Name: Amy and Pat DiBari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2907ECE4-A04C-480E-A600-38F629BF5024}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{53C4CC65-A107-40F5-8F50-3BB73A335251}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7C685635-DBA8-4949-917E-03FDA5760724}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DC9A30-D7DA-45D9-B422-BE8980A0F5C4}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{25E87C32-3824-46E9-9FA1-204093C4DE9F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2886F71E-4E42-4207-BF11-AB9E4587B37F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2C34E0C9-613D-4E9D-A99A-4C137B1D94F0}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{2D741F00-428C-47CE-A160-6D303BE60E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{2DABD4AB-2DFC-4792-94A1-130B42D5830C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4EBA274F-447C-4F33-8E60-C2EE92A2DDF0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5635FA82-2138-4EBC-BACE-99923E1E1C48}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{5CA2BB7C-7A24-4605-A5DB-88576CCA9A9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E959167-041D-4358-AFF1-78CADA6C420A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B6874CBD-C840-48AE-BB2F-171CD73A0E78}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D7DFDB2F-000A-43FC-BEDA-BC99332B2938}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DA0FED3F-C348-44A8-BDAD-FCD4FE2864E6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{45117FAB-8A43-4833-B65B-86022BB28E2B}C:\programdata\1c92d5\ba1c9_8028.exe" = protocol=6 | dir=in | app=c:\programdata\1c92d5\ba1c9_8028.exe |
"UDP Query User{26CAEC0D-7825-4B97-9891-22D3638F971E}C:\programdata\1c92d5\ba1c9_8028.exe" = protocol=17 | dir=in | app=c:\programdata\1c92d5\ba1c9_8028.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A10EE46B-C2E8-4FAB-A8F8-3E80D0662BA9}" = Adobe Flash Player 11 ActiveX (x64)
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1" = Bubble Wrap
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F940BCA-0631-FB41-EEF0-0F9A29D085AA}" = TeachTown: Basics 2.0
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.TeachTown.Basics" = TeachTown: Basics 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"N360" = Norton 360
"PROR" = Microsoft Office Professional 2007
"TeachTown: Basics" = TeachTown: Basics 2.0
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0bf61757-eb09-4d8f-9529-33cce4825454" = Farm Frenzy
"WTA-19e24d4b-1816-4260-98a1-efffd64e0343" = Virtual Villagers 4 - The Tree of Life
"WTA-2581dfca-1e54-49ba-91f5-1dcb091b43b5" = The Treasures of Mystery Island: The Ghost Ship
"WTA-3cd0805d-8e65-404e-869f-44232bf4ea33" = Final Drive Fury
"WTA-40ed8060-bf88-49e0-9d39-19f3436da5a6" = Plants vs. Zombies - Game of the Year
"WTA-50864d86-bb2c-4418-af61-3bb1e571a438" = RollerCoaster Tycoon 3: Platinum
"WTA-5dcf072b-c305-4b73-883a-fd32ea1f7fc1" = Polar Bowler
"WTA-68b504e2-caa9-48b6-8933-0d41bb71eae5" = Chuzzle Deluxe
"WTA-7945619c-f3af-41a2-90b0-ae8884f0bfad" = Penguins!
"WTA-88c39b2e-e317-4035-8b32-7fd85c678a86" = Letters from Nowhere 2
"WTA-89de2642-c990-4806-a593-9e8e8d9bd323" = Zuma's Revenge
"WTA-8a0b4b7a-bbb1-463b-bd32-4be3b22d71cb" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-8a3060d0-3c7d-494b-aac3-afe75f829d18" = Polar Golfer
"WTA-94333228-ec1e-4f49-986d-f0044cbfa064" = Hoyle Card Games
"WTA-96f5f81d-3bb0-40ee-add5-f76e49004f15" = FATE
"WTA-9aed7c60-0b85-4369-8a63-32f1a4986a62" = Bejeweled 3
"WTA-9ea0e872-a8c4-4ced-99e1-fb678f2ffd43" = Cradle of Rome 2
"WTA-a031197e-8afb-4e27-ba63-83b46fc99c66" = Jewel Match 3
"WTA-b3c5269c-1005-4efd-8379-8ca92ece1596" = Blackhawk Striker 2
"WTA-c4b1589f-d587-4703-b95b-72a584d9baef" = Farmscapes
"WTA-ce72ef09-bb17-40e0-9ce8-cba4381f5c82" = Poker Superstars III
"WTA-cf501209-f2ba-46de-aa39-c84cc9cc2ce2" = Luxor HD
"WTA-e9935403-0613-4d92-bbb9-0b01ea02a2d8" = John Deere Drive Green
"WTA-ef8b117b-f09f-44f5-b8e7-9821acdcfd51" = Torchlight
"WTA-f94ea39d-8893-4654-adca-416bbcfd5069" = Dora's World Adventure
"WTA-fccc86f2-490f-4ba2-8ee4-9bbc0f8bcf11" = Mah Jong Medley

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2012 2:57:33 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3994

Error - 5/9/2012 2:57:34 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/9/2012 2:57:34 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992

Error - 5/9/2012 2:57:34 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 5/9/2012 2:57:35 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/9/2012 2:57:35 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5991

Error - 5/9/2012 2:57:35 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5991

Error - 5/9/2012 2:57:36 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/9/2012 2:57:36 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005

Error - 5/9/2012 2:57:36 PM | Computer Name = AmyandPatDiBari | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

[ Hewlett-Packard Events ]
Error - 4/17/2012 8:43:49 AM | Computer Name = AmyandPatDiBari | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8098 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 4/17/2012 8:43:50 AM | Computer Name = AmyandPatDiBari | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8098 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 4/18/2012 7:20:33 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 4/18/2012 7:20:33 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/9/2012 7:25:40 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/9/2012 7:25:41 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/9/2012 7:25:41 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:18:08 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:18:08 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/23/2012 7:11:24 PM | Computer Name = AmyandPatDiBari | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8098 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 5/14/2012 9:00:58 AM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 1:32:26 PM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 8:39:11 PM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 9:24:55 PM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 9:26:02 PM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/15/2012 9:03:14 AM | Computer Name = AmyandPatDiBari | Source = DCOM | ID = 10016
Description =

Error - 5/20/2012 7:50:34 AM | Computer Name = AmyandPatDiBari | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.5
with the system having network hardware address 04-54-53-B1-A7-9D. Network operations
on this system may be disrupted as a result.

Error - 5/23/2012 7:03:27 AM | Computer Name = AmyandPatDiBari | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/23/2012 7:03:28 AM | Computer Name = AmyandPatDiBari | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/23/2012 7:03:29 AM | Computer Name = AmyandPatDiBari | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-01 08:45:36
-----------------------------
08:45:36.965 OS Version: Windows x64 6.1.7601 Service Pack 1
08:45:36.965 Number of processors: 4 586 0x2A07
08:45:36.965 ComputerName: AMYANDPATDIBARI UserName:
08:45:39.212 Initialize success
08:46:11.567 AVAST engine defs: 12060100
08:46:21.660 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:46:21.675 Disk 0 Vendor: ST310005 HP64 Size: 953869MB BusType: 3
08:46:21.691 Disk 0 MBR read successfully
08:46:21.691 Disk 0 MBR scan
08:46:21.691 Disk 0 Windows 7 default MBR code
08:46:21.707 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:46:21.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 936871 MB offset 206848
08:46:21.753 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16896 MB offset 1918918656
08:46:21.785 Disk 0 scanning C:\Windows\system32\drivers
08:46:30.333 Service scanning
08:46:44.763 Modules scanning
08:46:44.763 Disk 0 trace - called modules:
08:46:44.779 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:46:45.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a029060]
08:46:45.278 3 CLASSPNP.SYS[fffff88001fa843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b30050]
08:46:46.542 AVAST engine scan C:\Windows
08:46:48.476 AVAST engine scan C:\Windows\system32
08:49:12.199 AVAST engine scan C:\Windows\system32\drivers
08:49:40.342 AVAST engine scan C:\Users\Amy and Pat DiBari
08:59:18.187 AVAST engine scan C:\ProgramData
09:03:08.555 Scan finished successfully
09:04:01.642 Disk 0 MBR has been saved successfully to "C:\Users\Amy and Pat DiBari\Desktop\MBR.dat"
09:04:01.657 The log file has been saved successfully to "C:\Users\Amy and Pat DiBari\Desktop\aswMBR06012012-903am.txt"

SystemLook 30.07.11 by jpshortstuff
Log created at 09:06 on 01/06/2012 by Amy and Pat DiBari
Administrator - Elevation successful

========== dir ==========

C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software - Parameters: "(none)"

---Files---
Instructions.ini --a---- 51 bytes [03:49 24/05/2012] [03:50 24/05/2012]

---Folders---
None found.

C:\ProgramData\BAQBS - Parameters: "(none)"

---Files---
BADAZLLBQKS.cfg --ahs-- 24676 bytes [03:49 24/05/2012] [18:34 24/05/2012]

---Folders---
None found.

C:\ProgramData\1c92d5 - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-
adibari
Active Member
 
Posts: 5
Joined: May 29th, 2012, 9:33 am

Re: adnxs virus??

Unread postby maxi » June 1st, 2012, 12:49 pm

Hi dibari, Your doing fine :) Before you attempt the fix below, you should back up your registry like you did in the first step above.

Step 1
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe And select Run as administrator to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    
    :otl
    IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}                                                                                                                                  
    IE - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111971&tt=220512_53all&babsrc=SP_ss&mntrId=d233668d0000000000009cb70de05b84
    O3 - HKU\S-1-5-21-581223446-2054093398-4249451415-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2012/05/28 23:54:29 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Babylon
    [2012/05/28 23:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/05/23 23:49:45 | 000,000,000 | -HSD | C] -- C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software
    [2012/05/23 23:49:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\BAQBS
    [2012/05/23 23:49:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\1c92d5
    [2012/05/13 17:41:52 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946}
    [2012/05/13 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{651A00DA-7A8B-461C-A2BE-F0793E0C8417}
    [2012/05/07 17:16:07 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{F82ED6C8-DA20-4792-8033-A37244B78874}
    [2012/05/07 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{44B1830E-2145-4931-AB5F-3239A3470810}
    [2012/05/07 17:09:56 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{9DF8CB6B-3B7C-4070-ADA7-0BC8AD78D30A}
    [2012/05/07 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{1DF01F79-61F7-4C14-A13B-8EA8FCC507A8}
    [2012/05/02 22:03:52 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{2EBBF709-CA66-4204-9311-EA8A3A82AFAD}
    [2012/05/02 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\Amy and Pat DiBari\AppData\Local\{BF3EB38A-F4B2-405A-A027-E4505D27AC3D}
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Step 2
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 3
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
The OTL logfile.
The Malwarebytes logfile.
The eset logfile.
How your computer is running now ?

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: adnxs virus??

Unread postby adibari » June 2nd, 2012, 8:26 am

The ads don't seem to be coming up anymore...is everything removed?? :-)

All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-581223446-2054093398-4249451415-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-581223446-2054093398-4249451415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-581223446-2054093398-4249451415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Amy and Pat DiBari\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Roaming\Best Antivirus Software folder moved successfully.
C:\ProgramData\BAQBS folder moved successfully.
C:\ProgramData\1c92d5 folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{7B4E49CD-6AF0-42F9-B74C-D778BD974946} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{651A00DA-7A8B-461C-A2BE-F0793E0C8417} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{F82ED6C8-DA20-4792-8033-A37244B78874} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{44B1830E-2145-4931-AB5F-3239A3470810} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{9DF8CB6B-3B7C-4070-ADA7-0BC8AD78D30A} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{1DF01F79-61F7-4C14-A13B-8EA8FCC507A8} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{2EBBF709-CA66-4204-9311-EA8A3A82AFAD} folder moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\{BF3EB38A-F4B2-405A-A027-E4505D27AC3D} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Amy and Pat DiBari\Desktop\cmd.bat deleted successfully.
C:\Users\Amy and Pat DiBari\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amy and Pat DiBari
->Temp folder emptied: 59191918 bytes
->Temporary Internet Files folder emptied: 292792713 bytes
->Flash cache emptied: 68452 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74992 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 4462620787 bytes

Total Files Cleaned = 4,592.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.44.0 log created on 06012012_143203

Files\Folders moved on Reboot...
File\Folder C:\Users\Amy and Pat DiBari\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RS1TJ1HU\empty[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RS1TJ1HU\getAds[2].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RS1TJ1HU\viewtopic[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KWQ8E68A\ygm[1].mp3 moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K1K3W8DA\tcode3[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K1K3W8DA\tcodewads_at[1].htm moved successfully.
File move failed. C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K1K3W8DA\x90;noperf=1;alias=93225964;kvugc=0;kvui=58af2690a98211e1af96c5c526cdc6ec;kvmn=93225964;extmirroring=0;target=_blank;aduho=-240;grp=575317658[1].htm scheduled to be moved on reboot.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMYXU1CN\tcodeqt[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMYXU1CN\weather[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1MYZHCAI\Suite[1].htm moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Amy and Pat DiBari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amy and Pat DiBari :: AMYANDPATDIBARI [administrator]

6/1/2012 2:43:23 PM
mbam-log-2012-06-01 (14-43-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201598
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Logfile

K:\DiBari\AppData\Local\Temp\Dealio.exe Win32/Toolbar.Widgi application
K:\DiBari\AppData\Local\Temp\jar_cache5053303609194450057.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan
K:\DiBari\AppData\Local\Temp\jar_cache7691914208733287374.tmp Java/TrojanDownloader.OpenStream.NBE trojan
K:\DiBari\AppData\Local\Temp\YontooIEClient.dll Win32/Adware.Yontoo.A application
K:\DiBari\Desktop\Setup_FreeConverter.exe Win32/Toolbar.Widgi application
adibari
Active Member
 
Posts: 5
Joined: May 29th, 2012, 9:33 am

Re: adnxs virus??

Unread postby adibari » June 2nd, 2012, 8:29 am

By the way, my K: drive is my external hard drive. Do these files need to be deleted from that drive?

Thanks again!!!!!
adibari
Active Member
 
Posts: 5
Joined: May 29th, 2012, 9:33 am

Re: adnxs virus??

Unread postby maxi » June 2nd, 2012, 12:13 pm

Hi adibari, well done :)

Yes, you should delete those files from the external drive. If you have any problem doing so you can post to this thread and I will help you.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now remove any tools that we used from your computer.



Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Malwarebytes' Anti-Malware
- You might like to keep this program on your computer as it is very effective against malware. You should update the program and run a "quick scan" once a week.



Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: adnxs virus??

Unread postby deltalima » June 5th, 2012, 9:40 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware