Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problems with 'permissions'

Re: Problems with 'permissions'

Post by Gary R » July 26th, 2012, 4:18 am

Yes, try disabling McAfee and then running the OTL fix again .... viewtopic.php?p=612010#p612010

If it still won't run to completion, run a standard scan for me ....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce a log.
    • OTL.txt (open on your desktop).
  • Please post me both the log.

Re: Problems with 'permissions'

Post by blackngold86 » July 26th, 2012, 5:28 pm

Seemed like everything was running fine with the fix but then it popped up "OTL has stopped working." On reopen, log showed:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Users\Bob\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/26 17:19:02 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
[2012/07/25 11:47:18 | 000,001,850 | ---- | M] () C:\Users\Bob\AppData\Local\Temp\ehmsas.txt : Unable to obtain MD5

Registry entries deleted on Reboot...




Will run a standard scan and post results momentarily!

Re: Problems with 'permissions'

Post by blackngold86 » July 26th, 2012, 5:51 pm

OTL logfile created on: 7/26/2012 5:29:02 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Bob\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.63% Memory free
8.08 Gb Paging File | 5.81 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 179.92 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 00:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/09/14 20:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/02 19:52:17 | 004,050,944 | ---- | M] () -- C:\Users\Bob\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 19:52:17 | 000,100,864 | ---- | M] () -- C:\Users\Bob\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/02 04:16:17 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/02 04:16:08 | 000,199,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 16:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/02 04:16:18 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/02 04:16:16 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/02 04:16:14 | 000,642,952 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/02 04:16:11 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/02 04:16:10 | 000,158,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/09/03 23:05:19 | 002,685,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 15:02:51 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/12/10 08:37:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 22:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/27 16:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/21 13:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/09/19 21:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/08/05 15:24:54 | 000,024,568 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SwSetup\sp44138\iscflashx64.sys -- (iscFlash)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C299A347-D117-4200-8C95-A0A570E62019}
IE:64bit: - HKLM\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{C299A347-D117-4200-8C95-A0A570E62019}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{C299A347-D117-4200-8C95-A0A570E62019}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\..\SearchScopes,DefaultScope = {C299A347-D117-4200-8C95-A0A570E62019}
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bob\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 00:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/02 04:17:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Bob\AppData\Roaming\Move Networks [2009/12/15 23:54:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 00:27:05 | 000,000,000 | ---D | M]

[2010/07/22 20:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2010/07/22 20:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/21 00:42:47 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Live Search (Enabled)
CHR - default_search_provider: search_url = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF&src=IE-SearchBox
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Bob\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Oovoo Toolbar = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.14.1.20560_0\
CHR - Extension: YouTube = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 17:19:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120702041738.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120702041738.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launch ... wwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/a ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91CCA174-7E37-44D3-A9D7-B8684C62E1E8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 03:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/25 17:39:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/24 18:13:14 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/23 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2012/07/23 17:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/23 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/23 17:47:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/23 17:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/23 17:38:51 | 010,651,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2012/07/22 23:51:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/22 23:51:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/22 23:51:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/22 23:51:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/22 23:51:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/22 23:51:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/22 23:51:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/22 23:51:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/22 23:51:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/22 23:51:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/22 23:50:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/22 23:50:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/22 23:50:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/22 00:29:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/07/14 03:02:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/07/05 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/07/02 14:01:14 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/07/02 04:18:43 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\McAfee
[2012/07/02 04:17:39 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysWow64\MfeOtlkAddin.dll
[2012/07/02 04:17:39 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysWow64\MFEOtlk.dll
[2012/07/02 04:17:38 | 000,099,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\MfeOtlkAddin.dll
[2012/07/02 04:17:35 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/07/02 04:17:34 | 000,100,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/07/02 04:17:33 | 000,158,712 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2012/07/02 04:17:32 | 000,228,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/07/02 04:17:29 | 000,642,952 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2012/07/02 04:17:01 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/07/02 04:16:59 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/07/02 04:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/07/02 04:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/02 04:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/07/02 04:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/07/02 04:12:25 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\V
[2012/07/02 03:13:42 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/07/02 02:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2012/07/01 22:59:36 | 000,318,088 | ---- | C] (Symantec Corp.) -- C:\Users\Bob\Desktop\Setup.exe
[2012/07/01 22:59:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/07/01 22:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012/07/01 22:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/07/01 22:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012/07/01 22:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/07/01 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\I Want This
[2012/07/01 14:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I Want This
[2012/07/01 14:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/01 14:28:57 | 003,710,865 | ---- | C] (Microsoft Corporation) -- C:\Users\Bob\Desktop\mseinstall.exe.bzhlugc.partial

========== Files - Modified Within 30 Days ==========

[2012/07/26 17:13:22 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bob.job
[2012/07/26 17:08:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 15:48:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 15:48:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 21:08:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 11:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 11:48:45 | 4222,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 11:47:28 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/25 11:40:06 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 11:40:06 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/23 17:48:31 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 17:39:00 | 010,651,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2012/07/22 00:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/07/21 21:01:02 | 000,005,632 | ---- | M] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 15:50:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/07/11 03:26:22 | 000,316,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 04:16:18 | 000,283,744 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/07/02 04:16:17 | 000,158,832 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/07/02 04:16:16 | 000,100,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/07/02 04:16:16 | 000,099,056 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\MfeOtlkAddin.dll
[2012/07/02 04:16:14 | 000,642,952 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2012/07/02 04:16:12 | 000,009,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/07/02 04:16:11 | 000,228,752 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/07/02 04:16:10 | 000,158,712 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2012/07/02 04:15:56 | 000,074,848 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\MfeOtlkAddin.dll
[2012/07/02 04:15:56 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\MFEOtlk.dll
[2012/07/02 03:15:37 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/02 03:14:55 | 000,707,710 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/02 02:47:07 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 01:34:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/02 01:34:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/02 01:27:13 | 000,920,096 | ---- | M] () -- C:\Users\Bob\Desktop\Norton_Removal_Tool.exe
[2012/07/01 23:23:24 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/07/01 22:59:36 | 000,318,088 | ---- | M] (Symantec Corp.) -- C:\Users\Bob\Desktop\Setup.exe
[2012/07/01 22:59:35 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/07/01 14:29:02 | 003,710,865 | ---- | M] (Microsoft Corporation) -- C:\Users\Bob\Desktop\mseinstall.exe.bzhlugc.partial
[2012/07/01 13:39:35 | 000,000,631 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\result.db

========== Files Created - No Company Name ==========

[2012/07/23 17:48:31 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 00:14:00 | 4222,820,352 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/02 03:15:37 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/02 03:14:55 | 000,707,710 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/02 01:27:12 | 000,920,096 | ---- | C] () -- C:\Users\Bob\Desktop\Norton_Removal_Tool.exe
[2012/07/01 22:59:38 | 000,000,444 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bob.job
[2012/07/01 22:59:35 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/07/01 22:59:26 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/07/01 13:39:35 | 000,000,631 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\result.db
[2010/07/02 22:22:07 | 000,004,239 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.5
[2010/07/02 22:22:02 | 000,003,685 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.4
[2010/07/02 22:22:00 | 000,004,214 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.3
[2010/07/02 22:21:59 | 000,004,203 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.2
[2010/07/02 22:21:57 | 000,004,232 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.1
[2010/07/02 22:21:56 | 000,004,193 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.JPG
[2010/07/02 22:21:56 | 000,003,685 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpGRAN TORINO MAIN SCREEN.0
[2010/06/13 02:22:03 | 001,348,608 | -HS- | C] () -- C:\Users\Bob\ehthumbs_vista.db
[2009/08/12 22:00:06 | 000,005,632 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/12 22:30:00 | 000,000,680 | ---- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2009/05/06 20:10:50 | 000,001,758 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/06/28 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/19 14:47:06 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DriverCure
[2010/06/13 16:32:26 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\muvee Technologies
[2012/03/04 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ooVoo Details
[2012/02/19 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PC Cleaners
[2012/07/01 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PCPro
[2012/02/19 14:47:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\SpeedyPC Software
[2012/04/04 21:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TaxCut
[2009/05/06 20:11:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Template
[2010/07/22 20:22:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TomTom
[2010/06/13 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Ulead Systems
[2012/07/25 11:47:31 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: Problems with 'permissions'

Post by blackngold86 » July 26th, 2012, 5:53 pm

OTL Extras logfile created on: 7/26/2012 5:29:02 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Bob\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.63% Memory free
8.08 Gb Paging File | 5.81 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 179.92 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2178579362-4275671455-3174961323-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0B 84 C2 22 98 E4 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2178579362-4275671455-3174961323-1000]
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ADE511-723A-45B2-B842-1DFA9DAE55D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{08A29531-8374-445F-BFD5-F89F066780C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{099D14A7-8271-43E1-BFBA-877DCA0E8DB9}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A95F1B9-E0B1-4BA6-B12A-75A70D72812E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0FE76C67-7481-4722-AD36-E43F1060297F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1E6F41DD-3E8D-4434-B80F-BCA832C54AE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3168001A-2B17-48B4-ACF9-18528F937E9B}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{3227975F-CD65-4815-B367-707837D1D81F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{361DD4CA-CC9B-4757-8ADA-25693A887D9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D661526-3E5B-425E-9B53-81FE3BEE15A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46602961-DCAD-442C-8492-1E41F256C084}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47790BD3-4ACD-431B-9862-DEFBE98D2DB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FE357DA-EE1D-4290-A3F6-66D3FE65CEBB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A0AFCE2-DEEF-49F6-A35B-BC615AB1A85F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5A25F8CD-E649-434D-8DFF-12B281AC3EEF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A970217-1897-4386-9BA7-B0232246B33A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5C6EBE26-E872-415B-85FD-815F4E45E5C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{697D3D2B-F30C-4373-A5BD-296A0A2CE642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6994CCED-5B4E-4F9E-B6A8-6657D082618A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6B16E967-97D3-4ED1-B724-47E953A3E094}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6D6B1783-04DB-4A4C-AEE8-3DBCEF6A527A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FCBAD56-0691-476C-8C05-75A618E94474}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{7B01CA73-8593-4DC0-851D-3F1F66FBE37C}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C31FEDE-04F0-4404-A0AF-3502850904F8}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{84E9EEEC-4EF7-4B5C-9A6C-3ABDCAB8A779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ACD50AC-F1AD-45B7-809C-C94ECF5D71B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9BDBE627-A16E-4E6A-9205-62AAF778B5B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5961A0B-DFB2-4014-B7B1-4F18C9F4467C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5A097FD-8409-4DAE-AEBB-52D772057088}" = lport=139 | protocol=6 | dir=in | app=system |
"{C5D0AAEF-6288-4880-9A41-5E865BA3ACB1}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C5F3CAB1-1144-4990-BE5E-DBE20DFEF4B0}" = rport=10244 | protocol=6 | dir=out | app=system |
"{CA91F9D7-CD40-4E0A-BC49-F14BC396CD59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF36AEF1-39E8-4F6A-8609-6942FAEE6F85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D14574DF-7486-461D-AFC9-B9B155AF7E67}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7592868-FE01-4AD8-841A-75C7D419CDAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB843EA5-091F-47F4-8D60-2DEF1F72E2A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD408D89-5A77-45F9-AD7A-8ED60C43559D}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2DC9D38-9694-4922-B128-5E103ACFBB36}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E7E060FA-56A4-4FEC-9040-A85520DADE33}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA3A4836-2158-4D94-A441-1D1CBA5AB9B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EFB64991-2C48-498B-89E5-D333559EB671}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F20640F7-D3BB-40F9-8373-9B35CFA10A66}" = lport=445 | protocol=6 | dir=in | app=system |
"{F584EB09-184B-413F-9699-3303CA80F3A0}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{F7CA4E0C-CCF3-46B2-BFCF-45BCDC31E003}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAC6FF99-F7C3-4C19-9B68-70312186186C}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC361DE2-CA2F-49BC-8E08-C038C5C1D2D9}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EE8BC7-8125-4F79-9235-663F4BFABFEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{01788F0C-D503-4AAB-9841-8450CC155B67}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{043CDEDD-41E1-4D67-AC26-56BAFAB5A917}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{04717C13-4795-4491-839C-49058A905E7E}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{04A7876A-8B14-4B3C-8A85-542BAD31B2C0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{0D12D67E-B60A-4324-A58B-F11711959484}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{141635B0-B058-4306-A008-36A590D4A3B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1BFC16B8-4251-4200-B9F5-ACF900580B7C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1F1B2353-6C35-4170-A3FC-DFB402FD9339}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22271130-351C-4672-BB4A-7AA3CBD8A2C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24765911-4DBF-425C-8E5C-FE41291D788C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{25D11076-C0AC-4DDA-8FF0-758D8280EBCD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{294F7201-7116-426F-A6A3-48C39839188F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2960233D-16BB-4B38-8EDC-27326D14D6BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B2534D4-3256-47D1-AA5D-B16ACE58D2B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2E4F2F4F-695C-4187-9F85-D3DFAD99B8EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32F1AE85-A207-43CB-B30B-1ACDD150F029}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34D2571B-9CC2-449C-9B8E-BAB1564252E7}" = protocol=6 | dir=in | app=c:\users\bob\appdata\local\temp\7zsbbf1.tmp\symnrt.exe |
"{3C5F3CAA-F752-4A6F-93FA-98A1E476DB60}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{42CCC3B5-F622-4007-B979-007AA2A7C6F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49580B8F-6774-42B1-AB3F-042A65B96383}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B34ECBE-715E-4B9C-85F8-D0A722970D45}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4D0A8CCD-F141-49ED-BD2B-DC3918AA6A1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5A4CCC8E-B027-4AF1-8971-225F5EAAE9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5CBC5809-46B0-451E-817A-1BA43072C986}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6172531D-BCF3-4A75-A861-A30738991113}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6742CB15-E837-4539-A449-0A9A0C1933AA}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{750DCD2F-689E-4690-BCB3-E4FDEAB18521}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{7650AB97-653A-4F1D-9E88-79A9F424F0F9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{77FBFEDB-FD87-4646-9249-AD2BBF0EB392}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{867B33D1-C2D4-4277-B76E-7300F6BD1AB2}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{8E0B0396-3EBC-4264-989D-1CD2F6AFC410}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8E4782B7-7A0A-40CA-BEE1-3769D70AEE71}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9049F272-56D5-4FEA-86E0-971F7128307B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{967D6372-760B-4457-82CF-398EA08EDFCF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C9BF4C1-9A42-4CD6-9872-2A3416DFFEDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F830E23-F8E5-4F53-A4F7-ADD594DF42B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{9FCAB167-B599-4105-8BC2-AA520F4AD403}" = protocol=17 | dir=in | app=c:\users\bob\appdata\local\temp\7zsbbf1.tmp\symnrt.exe |
"{A0117F36-14DF-4B6B-AEFF-897807AF846A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE21BA6B-441F-41EB-8187-1DBCCD78F429}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{AF2DEF63-A612-4592-8D82-453961DF6DA4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B303C4E1-8DB6-4BB5-90D3-2C204FF67BED}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B5D101C3-5636-42E0-A3A8-F5D13AE04240}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCA289CD-4CD4-4995-A720-C728C7F33655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE24FFEC-AB36-4CE9-AAEE-0460125A037B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{BF883995-4971-4DC2-BF93-6657ECF8CD17}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C20491DA-5EF8-404B-9B6D-1A2ACC8F80F4}" = protocol=6 | dir=out | app=system |
"{CB12E750-E34F-4319-B37C-793AC37B4318}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{CB8DBE8F-35E6-4EC7-8B1E-782AFEC7A50F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CE74CD8C-19F9-4A5F-921B-F922677600A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0A7FDB9-4438-49CA-8E5D-66583B4529AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{DA39068F-09CB-43BE-90DC-E1EE0EF206BD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DCBA163B-2AE4-466B-991B-D6972222033F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DD727AE4-9A5E-4AFA-B14D-4BBC45B64793}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB5B809D-0EDA-4BCA-B0CD-2F339A21B0DA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{EE2AEB60-640C-4136-B310-8D22E72C2385}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F3ECA7D9-D1EF-455C-B407-C699829142FE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{FE24E6E6-8706-4EC9-BC99-86752F6455C6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FE7161B4-3863-4378-BB89-87B5F3D52E3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2F4353A7-82B1-4F2A-A740-CBADDBC08C38}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{357B7B6D-EC0B-46A4-8CBA-EF23FAEEA2E5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3AC8AE1B-073C-4219-8526-5F5102C64718}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{439B261E-CC11-4657-B847-D8D7EDC9983B}C:\programdata\f62252\pif62_289.exe" = protocol=6 | dir=in | app=c:\programdata\f62252\pif62_289.exe |
"TCP Query User{EECA25AD-0FA0-4BEA-AB00-1217C9E1D825}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{57D921E8-AAD3-41FB-8A9A-06ECBA14C58A}C:\programdata\f62252\pif62_289.exe" = protocol=17 | dir=in | app=c:\programdata\f62252\pif62_289.exe |
"UDP Query User{7E65D052-DE46-48D9-8271-4537989E96F5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{82783DD3-F327-42E1-A7FF-9AEF0F0F941D}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{8D81E0A1-52B6-4C75-AD8C-6CDA9BAB08EF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{FAE2D022-3A33-4297-9786-DE20843D4C06}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A86D7D30-194C-49AF-BAC3-212715B9E547}" = H&R Block West Virginia 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BE78F458-88D3-4894-87E9-54B96D1FFAB6}" = HP User Guides 0126
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"NSS" = Norton Security Scan
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2178579362-4275671455-3174961323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ca996af32b15a664" = Bully Dog Update Agent
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2012 11:49:14 AM | Computer Name = Bob-PC | Source = WinMgmt | ID = 5601
Description =

Error - 7/25/2012 11:49:14 AM | Computer Name = Bob-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/25/2012 11:51:18 AM | Computer Name = Bob-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 7/25/2012 12:02:12 PM | Computer Name = Bob-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 7/25/2012 5:41:43 PM | Computer Name = Bob-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 7/26/2012 3:02:24 AM | Computer Name = Bob-PC | Source = MsiInstaller | ID = 11406
Description =

Error - 7/26/2012 3:02:28 AM | Computer Name = Bob-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 7/26/2012 5:23:22 PM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.54.0, time stamp 0x2a425e19,
faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05beb, exception
code 0xc0000005, fault offset 0x00016031, process id 0x4dc, application start time
0x01cd6afd68748a61.

[ Media Center Events ]
Error - 7/21/2012 9:36:58 PM | Computer Name = Bob-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/21/2012 9:39:21 PM | Computer Name = Bob-PC | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 7/25/2012 12:02:56 PM | Computer Name = Bob-PC | Source = WinDefend | ID = 2003
Description =

Error - 7/25/2012 12:02:56 PM | Computer Name = Bob-PC | Source = WinDefend | ID = 2001
Description =

Error - 7/25/2012 12:04:35 PM | Computer Name = Bob-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/26/2012 1:37:27 AM | Computer Name = Bob-PC | Source = WinDefend | ID = 2003
Description =

Error - 7/26/2012 1:37:27 AM | Computer Name = Bob-PC | Source = WinDefend | ID = 2001
Description =

Error - 7/26/2012 1:38:35 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/26/2012 1:54:48 AM | Computer Name = Bob-PC | Source = WinDefend | ID = 2003
Description =

Error - 7/26/2012 1:54:48 AM | Computer Name = Bob-PC | Source = WinDefend | ID = 2001
Description =

Error - 7/26/2012 1:55:15 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/26/2012 3:03:43 AM | Computer Name = Bob-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby Gary R » July 27th, 2012, 1:45 am

OK, despite all the problems with the logs, OTL appears to have pretty much done what I wanted it to.

There are still a few items to attend to though.

First

Temporarily disable McAfee

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2178579362-4275671455-3174961323-1000\..\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
[2012/07/05 17:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/07/01 22:59:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/07/01 22:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/07/01 22:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/07/01 22:59:35 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/07/01 14:29:02 | 003,710,865 | ---- | M] (Microsoft Corporation) -- C:\Users\Bob\Desktop\mseinstall.exe.bzhlugc.partial
[2012/07/02 01:27:12 | 000,920,096 | ---- | C] () -- C:\Users\Bob\Desktop\Norton_Removal_Tool.exe
[2012/07/01 22:59:38 | 000,000,444 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bob.job

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with 'permissions'

Unread postby blackngold86 » July 27th, 2012, 2:05 pm

OTL fix log

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2178579362-4275671455-3174961323-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47737E1B-4C2E-4A26-A6F9-03C36CD369FF}\ not found.
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.5 folder moved successfully.
C:\Program Files (x86)\Norton Security Scan\Engine folder moved successfully.
C:\Program Files (x86)\Norton Security Scan folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\09\01 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\09 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35} folder moved successfully.
C:\Program Files (x86)\NortonInstaller folder moved successfully.
C:\Users\Public\Desktop\Norton Security Scan.lnk moved successfully.
C:\Users\Bob\Desktop\mseinstall.exe.bzhlugc.partial moved successfully.
C:\Users\Bob\Desktop\Norton_Removal_Tool.exe moved successfully.
C:\Windows\Tasks\Norton Security Scan for Bob.job moved successfully.

OTL by OldTimer - Version 3.2.54.0 log created on 07272012_135927
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby blackngold86 » July 27th, 2012, 6:16 pm

ESET log



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby blackngold86 » July 27th, 2012, 10:33 pm

everything seems to be working so far, can get updates! Guess only time will tell as far as downloading programs and such
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby Gary R » July 28th, 2012, 1:13 am

Well as far as your logs show, you are now clear of infection, time to remove the programs we've been using to clean your computer, and to update your java.

First

Let's clear out OTL and the files and folders it created.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete FRST and any log files it may have created.

Next

Download and install JDK 7 Update 5 (JDK or JRE).

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with 'permissions'

Unread postby blackngold86 » July 28th, 2012, 9:30 am

I keep getting a security alert that Windows Firewall isn't turned on. Tried to start it through windows security alerts with no luck and tried manual start through Services with no luck, said to review system event log. Any ideas on that :?
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby Gary R » July 28th, 2012, 12:40 pm

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select only the following options ....
    • Windows Firewall
    • Security Center
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Question .... is your version of McAfee a suite, or just an Anti-Virus?

If it is a suite, then McAfee supplies the Firewall for your computer, and it will switch off Windows Firewall as a matter of course.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with 'permissions'

Unread postby blackngold86 » July 28th, 2012, 5:32 pm

It's the McAfee VirusScan Console, so anti-virus and anti-spyware. It is the version offered through the military and I'm not sure if they had the full McAfee as an option or not, but I can check it out. Here is the log:

Farbar Service Scanner Version: 26-07-2012
Ran by Bob (administrator) on 28-07-2012 at 17:28:39
Running from "C:\Users\Bob\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


Security Center:
============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\mpssvc.dll
[2010-03-17 19:41] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-03-17 19:40] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2010-03-17 19:40] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-03-17 19:41] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-03-17 19:41] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby Gary R » July 29th, 2012, 1:29 am

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:service
sharedaccess
mpssvc

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with 'permissions'

Unread postby blackngold86 » July 29th, 2012, 11:45 am

SystemLook 30.07.11 by jpshortstuff
Log created at 11:44 on 29/07/2012 by Bob
Administrator - Elevation successful

========== service ==========

sharedaccess
Internet Connection Sharing (ICS)
"Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
Current Status: Stopped
Startup Type: Disabled
Error Control: Unable to Determine
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot: Network
Dependencies:
->Netman
->WinMgmt
->RasMan
->BFE
Dependant Services:
(none)

mpssvc
Windows Firewall
"Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Group: NetworkProvider
SafeBoot: Network Network(Group)
Dependencies:
->mpsdrv
->bfe
Dependant Services:
(none)

-= EOF =-
blackngold86
Regular Member
 
Posts: 20
Joined: July 22nd, 2012, 12:46 am

Re: Problems with 'permissions'

Unread postby Gary R » July 29th, 2012, 1:37 pm

OK, please do the following ....

  • Click Start
  • In the search programs and files box type Services.msc then hit Enter
  • This will open a Services window ....
    • Scroll down the list of services in the right window to find ... Internet connection sharing
    • Double click on it to open its properties box.
      • Set startup type to Automatic, then click OK.
    • Scroll down to ... Windows Firewall
    • Double click on it to open its properties box.
      • Set Service status: to Start then click OK.
  • Exit out of the Services window.

Are you still having problems with Windows Firewall prompts?

I'm going to be out for the rest of this evening, so it will probably be tomorrow morning (my time GMT) before I see your reply.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
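
The SystemLook `:service` log posted earlier in the thread can also be read programmatically. The following is an added example, not part of the thread and not SystemLook's own code: it parses that section, groups what the log shows, and builds a follow-up `:service` script for dependencies the scan did not cover. The function names are hypothetical and the sample log is constructed from the two service blocks above with the description strings shortened.

```python
"""Triage the ':service' section of a SystemLook log (added example)."""
import re

# Constructed sample: the two service blocks from the thread's log, with the
# quoted description strings shortened.
SAMPLE_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Administrator - Elevation successful

========== service ==========

sharedaccess
Internet Connection Sharing (ICS)
"Provides network address translation ..."
Current Status: Stopped
Startup Type: Disabled
Error Control: Unable to Determine
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot: Network
Dependencies:
->Netman
->WinMgmt
->RasMan
->BFE
Dependant Services:
(none)

mpssvc
Windows Firewall
"Windows Firewall helps protect your computer ..."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Group: NetworkProvider
SafeBoot: Network Network(Group)
Dependencies:
->mpsdrv
->bfe
Dependant Services:
(none)

-= EOF =-
'''

LIST_KEYS = ("Dependencies", "Dependant Services")


def parse_services(log_text):
    """Return {lower-cased service name: record} for the ':service' section."""
    section = re.search(r"^=+ service =+$(.*?)(?=^=+ |^-= EOF =-|\Z)",
                        log_text, re.M | re.S)
    if not section:
        return {}
    services = {}
    for block in re.split(r"\n\s*\n", section.group(1).strip()):
        lines = [ln.strip() for ln in block.splitlines()]
        if len(lines) < 2:
            continue
        record = {"display_name": lines[1], **{k: [] for k in LIST_KEYS}}
        current = None  # list field that following "->name" lines belong to
        for line in lines[2:]:
            if line.rstrip(":") in LIST_KEYS:
                current = line.rstrip(":")
            elif line.startswith("->") and current:
                # Service names are case-insensitive; the log mixes BFE and bfe.
                record[current].append(line[2:].lower())
            elif ": " in line and not line.startswith('"'):
                key, value = line.split(": ", 1)
                record[key] = value
        services[lines[0].lower()] = record
    return services


def triage(services):
    """Group what the log shows; these are leads for a human, not verdicts."""
    def names(status, startup):
        return sorted(n for n, s in services.items()
                      if s.get("Current Status") == status
                      and s.get("Startup Type") == startup)
    deps = {d for s in services.values() for d in s["Dependencies"]}
    return {
        "disabled": names("Stopped", "Disabled"),
        "automatic_but_stopped": names("Stopped", "Automatic"),
        "unscanned_dependencies": sorted(deps - set(services)),
    }


def follow_up_script(result):
    """Build the next SystemLook script box in the ':service' form used above."""
    return "\n".join([":service", *result["unscanned_dependencies"]])


if __name__ == "__main__":
    result = triage(parse_services(SAMPLE_LOG))
    print(result)
    print(follow_up_script(result))
```

On the sample it reports `sharedaccess` as disabled and `mpssvc` as Automatic but Stopped, and lists the dependencies that were not part of the scan.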