Searchq has taken over my IE8 searches


roxiemusic
Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:14:50 AM, on 1/21/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15521 bytes


Hello roxiemusic

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

  • Please DO NOT install/uninstall any programs unless asked to.
  • Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly

 

Satchfan


Run HijackThis

 

Open HijackThis and click Do a system scan only.

 

Place a check mark next to:

 

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll

 

Close all windows except for HijackThis and click Fix checked.

 

===================================================

 

Download and run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

     

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
===================================================

 

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply.

Logs to include with next post:

 

OTL.txt

Extras.txt

aswMBR log

 

Thanks

 

Satchfan


Thanks for the help here are my logs

OTL logfile created on: 1/22/2012 6:53:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Roxanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.88% Memory free
3.49 Gb Paging File | 1.72 Gb Available in Paging File | 49.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.25 Gb Total Space | 137.04 Gb Free Space | 62.50% Space Free | Partition Type: NTFS
Drive D: | 13.33 Gb Total Space | 2.21 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive F: | 101.76 Mb Total Space | 98.29 Mb Free Space | 96.59% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Roxanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

PRC - C:\Users\Roxanne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)

 

 

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 04:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011/12/23 08:40:07 | 000,000,000 | ---D | M]

[2011/11/13 14:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/10 12:45:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

 

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM\..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [DATAMNGR] C:Program Files (x86)Windows Searchqu ToolbarDatamngrdatamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..Run: [DNS7reminder] C:Program Files (x86)NuanceNaturallySpeaking10EregEreg.exe (Nuance Communications, Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [startCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden File not found

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:UsersRoxanneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDragon NaturallySpeaking.lnk = C:Program Files (x86)NuanceNaturallySpeaking10Programnatspeak.exe (Nuance Communications, Inc.)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html File not found

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Append to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html File not found

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{1554F6A7-D38C-483A-928D-6EE74FA06F66}: DhcpNameServer = 209.244.0.3 209.244.0.4 4.2.2.2

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{F6696AEB-8B9F-48BD-9821-6AC3BD641B68}: DhcpNameServer = 192.168.1.254

O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlermso-offdap11 - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - AppInit_DLLs: (C:PROGRA~2WIA6EB~1Datamngrx64datamngr.dll) - C:Program Files (x86)Windows Searchqu ToolbarDatamngrx64datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:PROGRA~2WIA6EB~1Datamngrx64IEBHO.dll) - C:Program Files (x86)Windows Searchqu ToolbarDatamngrx64IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:PROGRA~2WIA6EB~1Datamngrdatamngr.dll) -C:Program Files (x86)Windows Searchqu ToolbarDatamngrdatamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:PROGRA~2WIA6EB~1DatamngrIEBHO.dll) -C:Program Files (x86)Windows Searchqu ToolbarDatamngrIEBHO.dll (Bandoo Media, inc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~2AVGAVG2012avgrsa.exe /sync /restart)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/22 06:51:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:UsersRoxanneDesktopOTL.exe

[2012/01/21 08:07:36 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/01/21 08:07:35 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/01/20 20:40:37 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingMalwarebytes

[2012/01/20 20:40:29 | 000,000,000 | ---D | C] -- C:Program Files (x86)MALWAREBYTES ANTI-MALWARE

[2012/01/20 20:40:27 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2012/01/20 20:40:26 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2012/01/20 20:40:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2012/01/20 20:40:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2012/01/20 19:09:45 | 000,000,000 | ---D | C] -- C:Program Files (x86)Windows Searchqu Toolbar

[2012/01/20 19:09:30 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64COMCT232.OCX

[2012/01/20 19:09:28 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudDesign.dll

[2012/01/20 19:09:28 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudFile.dll

[2012/01/20 19:09:28 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioInfos.dll

[2012/01/20 19:09:28 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioVisu.dll

[2012/01/20 19:09:28 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudPlayer.dll

[2012/01/20 19:09:28 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioRecord.dll

[2012/01/20 19:09:28 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudDisplay.dll

[2012/01/20 19:09:28 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64WMAFile.dll

[2012/01/20 19:09:28 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64TABCTL32.OCX

[2012/01/20 19:09:28 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6FR.DLL

[2012/01/20 19:09:28 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64msinet.OCX

[2012/01/20 19:09:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6STKIT.DLL

[2012/01/20 19:09:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64TABCTFR.DLL

[2012/01/20 19:09:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetfr.DLL

[2012/01/20 19:09:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MSCOMCT2.OCX

[2012/01/20 19:09:27 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MSCMCFR.DLL

[2012/01/20 19:09:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64Mscc2fr.dll

[2012/01/20 19:09:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64CMDLGFR.DLL

[2012/01/20 19:09:26 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingFreeAudioPack

[2012/01/20 19:09:26 | 000,000,000 | ---D | C] -- C:Program Files (x86)Free mp3 Wma Converter

[2012/01/20 07:14:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/01/20 07:14:04 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/01/20 07:14:03 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/01/20 07:14:03 | 000,000,000 | ---D | C] -- C:Program Files (x86)iTunes

[2012/01/19 20:18:54 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataLocal{DB22B22F-0C60-4E63-B471-78C2238C5FE6}

[2012/01/19 20:18:41 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataLocal{D51B9BEF-99AB-41B0-923F-4C00A4ED953D}

[2012/01/16 07:20:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesecur32.dll

[2012/01/16 07:20:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesspicli.dll

[2012/01/16 07:20:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesspisrv.dll

[2012/01/16 07:20:19 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelsasrv.dll

[2012/01/16 07:20:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewebio.dll

[2012/01/16 07:20:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64webio.dll

[2012/01/11 07:51:57 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentdll.dll

[2012/01/11 07:51:47 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativequartz.dll

[2012/01/11 07:51:47 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64quartz.dll

[2012/01/11 07:51:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64qdvd.dll

[2012/01/11 07:51:46 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeqdvd.dll

[2012/01/11 07:51:37 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/01/11 07:51:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/01/11 07:24:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepackager.dll

[2012/01/11 07:24:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64packager.dll

[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/22 06:51:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersRoxanneDesktopOTL.exe

[2012/01/22 06:41:08 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/01/21 19:03:24 | 000,364,006 | ---- | M] () -- C:WindowsSysNativedriversAVGiavichjg.avm

[2012/01/21 08:25:11 | 087,154,889 | ---- | M] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/21 08:14:50 | 000,015,523 | ---- | M] () -- C:UsersRoxanneDesktophijackthis 1

[2012/01/21 08:07:36 | 000,002,985 | ---- | M] () -- C:UsersRoxanneDesktopHiJackThis.lnk

[2012/01/21 07:59:32 | 001,402,880 | ---- | M] () -- C:UsersRoxanneDesktopHiJackThis.msi

[2012/01/21 07:22:28 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 07:22:28 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 07:19:22 | 000,730,448 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/01/21 07:19:22 | 000,627,316 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/01/21 07:19:22 | 000,107,600 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/01/21 07:13:46 | 1406,296,064 | -HS- | M] () -- C:hiberfil.sys

[2012/01/20 07:14:36 | 000,001,783 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2012/01/18 22:02:04 | 000,012,055 | ---- | M] () -- C:UsersRoxanneDesktopimagesCAV3JJGT.jpg

[2012/01/12 19:27:18 | 000,002,014 | ---- | M] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2012/01/11 20:54:37 | 000,000,340 | ---- | M] () -- C:WindowstasksHPCeeScheduleForRoxanne.job

[2012/01/02 13:26:38 | 000,070,233 | ---- | M] () -- C:UsersRoxanneDesktopnewyears1.jpg

[2011/12/24 06:50:36 | 000,182,955 | ---- | M] () -- C:UsersRoxanneDesktopHamlin badge letter.pdf

[2011/12/23 08:40:07 | 000,000,965 | ---- | M] () -- C:UsersPublicDesktopAVG 2012.lnk

[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/01/21 08:14:50 | 000,015,523 | ---- | C] () -- C:UsersRoxanneDesktophijackthis 1

[2012/01/21 08:07:36 | 000,002,985 | ---- | C] () -- C:UsersRoxanneDesktopHiJackThis.lnk

[2012/01/21 07:59:29 | 001,402,880 | ---- | C] () -- C:UsersRoxanneDesktopHiJackThis.msi

[2012/01/20 19:09:28 | 000,116,296 | ---- | C] () -- C:WindowsSysWow64NCTWMAProfiles.prx

[2012/01/20 07:14:36 | 000,001,783 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk

[2012/01/19 20:18:09 | 000,012,055 | ---- | C] () -- C:UsersRoxanneDesktopimagesCAV3JJGT.jpg

[2012/01/12 19:27:18 | 000,002,441 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Reader 9.lnk

[2012/01/12 19:27:18 | 000,002,014 | ---- | C] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2012/01/02 13:28:56 | 000,070,233 | ---- | C] () -- C:UsersRoxanneDesktopnewyears1.jpg

[2011/12/24 06:50:36 | 000,182,955 | ---- | C] () -- C:UsersRoxanneDesktopHamlin badge letter.pdf

[2011/09/29 20:56:46 | 000,000,000 | ---- | C] () -- C:UsersRoxanneAppDataRoamingwklnhst.dat

[2011/06/18 06:05:38 | 000,044,544 | ---- | C] () -- C:WindowsSysWow64Gif89.dll

[2011/01/25 19:53:53 | 000,004,096 | -H-- | C] () -- C:UsersRoxanneAppDataLocalkeyfile3.drm

[2011/01/08 15:16:02 | 000,019,456 | ---- | C] () -- C:UsersRoxanneAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/28 14:00:12 | 000,012,800 | ---- | C] () -- C:WindowsLPRES.DLL

[2010/09/10 16:46:47 | 000,170,081 | ---- | C] () -- C:Windowshpoins14.dat

[2010/09/10 16:46:47 | 000,001,498 | ---- | C] () -- C:Windowshpomdl14.dat

[2010/07/27 14:14:25 | 000,038,434 | ---- | C] () -- C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).ADR

[2010/07/07 22:36:25 | 000,000,256 | ---- | C] () -- C:WindowsSysWow64pool.bin

[2010/07/07 09:05:48 | 000,006,382 | ---- | C] () -- C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).EML

[2010/07/07 07:11:05 | 000,008,103 | ---- | C] () -- C:UsersRoxanneAppDataRoamingcontacts2.csv.1097935.xml

[2010/07/07 07:11:05 | 000,000,519 | ---- | C] () -- C:UsersRoxanneAppDataRoamingBCMMappings.xml

[2010/06/13 11:48:16 | 000,002,315 | ---- | C] () -- C:UsersRoxanneAppDataRoamingSAS7_000.DAT

[2010/06/04 17:35:50 | 000,747,538 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2010/03/31 13:02:50 | 000,000,000 | ---- | C] () -- C:Windowsativpsrm.bin

[2010/03/31 12:57:34 | 000,000,282 | ---- | C] () -- C:WindowsSysWow64RStoneLog2.ini

[2010/03/31 12:57:34 | 000,000,223 | ---- | C] () -- C:WindowsSysWow64RStoneLog.ini

[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:WindowsSysWow64ractrlkeyhook.dll

[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:WindowsLPRES(47).DLL

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSysWow64BWContextHandler.dll

[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:WindowsSysWow64igkrng400.bin

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

 

========== LOP Check ==========

 

[2010/10/24 06:41:28 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingAVG10

[2011/10/13 15:54:36 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingAVG2012

[2011/11/11 16:11:11 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingcom.Shutterfly.ExpressUploader

[2011/01/02 15:19:31 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingcom.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1

[2011/02/27 21:20:36 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingDVDVideoSoft

[2011/06/17 17:55:00 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingFlip Video

[2012/01/20 19:10:08 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingFreeAudioPack

[2010/07/28 19:55:26 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingGARMIN

[2010/06/12 12:17:28 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingICAClient

[2010/11/11 22:48:08 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoaminginkscape

[2010/06/16 15:21:22 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingiWin

[2010/06/13 11:19:16 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingNuance

[2010/08/06 17:11:18 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingOverDrive

[2011/09/29 20:56:49 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingTemplate

[2010/12/19 12:54:03 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingW Photo Studio Viewer

[2010/06/15 19:49:46 | 000,000,000 | ---D | M] -- C:UsersRoxanneAppDataRoamingWildTangent

[2011/12/02 22:49:17 | 000,032,642 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.exe >

[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:install.exe

 

 


< %systemroot%*. /mp /s >

 

< %systemroot%system32*.dll /lockedfiles >

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%System32config*.sav >

 

< %systemroot%system32drivers*.sys /90 >

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 205 bytes -> C:ProgramDataTemp:F35A93AD

@Alternate Data Stream - 143 bytes -> C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).EML:OECustomProperty

@Alternate Data Stream - 135 bytes -> C:ProgramDataTemp:7631EA83

 

< End of report >

 


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software

Run date: 2012-01-22 07:17:01

-----------------------------

07:17:01.828 OS Version: Windows x64 6.1.7601 Service Pack 1

07:17:01.828 Number of processors: 1 586 0x602

07:17:01.828 ComputerName: LAPTOP UserName:

07:17:06.883 Initialize success

07:19:56.262 AVAST engine defs: 12012200

07:20:18.476 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0

07:20:18.476 Disk 0 Vendor: WDC_WD2500BEKT-60V5T1 12.01A12 Size: 238475MB BusType: 11

07:20:18.492 Disk 0 MBR read successfully

07:20:18.507 Disk 0 MBR scan

07:20:18.523 Disk 0 unknown MBR code

07:20:18.539 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 188 MB offset 2048

07:20:18.554 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224516 MB offset 387072

07:20:18.570 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13655 MB offset 460195840

07:20:18.601 Disk 0 Partition 4 00 0E FAT16 LBA MSWIN4.1 101 MB offset 488167155

07:20:18.601 Service scanning

07:20:20.520 Modules scanning

07:20:20.551 Disk 0 trace - called modules:

07:20:20.582 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

07:20:20.582 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa80024bf5b0]

07:20:20.925 3 CLASSPNP.SYS[fffff8800105a43f] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-0[0xfffffa8002479060]

07:20:22.017 AVAST engine scan C:Windows

07:20:24.513 AVAST engine scan C:Windowssystem32

07:22:28.939 AVAST engine scan C:Windowssystem32drivers

07:22:43.120 AVAST engine scan C:UsersRoxanne

07:23:28.782 Disk 0 MBR has been saved successfully to "C:UsersRoxanneDesktopMBR.dat"

07:23:28.798 The log file has been saved successfully to "C:UsersRoxanneDesktopaswMBR_1.txt"


OTL Extras logfile created on: 1/22/2012 6:53:59 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersRoxanneDesktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.88% Memory free

3.49 Gb Paging File | 1.72 Gb Available in Paging File | 49.13% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 219.25 Gb Total Space | 137.04 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

Drive D: | 13.33 Gb Total Space | 2.21 Gb Free Space | 16.60% Space Free | Partition Type: NTFS

Drive F: | 101.76 Mb Total Space | 98.29 Mb Free Space | 96.59% Space Free | Partition Type: FAT

 

Computer Name: LAPTOP | User Name: Roxanne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012

"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012

"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64

"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"AVG" = AVG 2012

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"LSI Soft Modem" = LSI HDA Modem

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation

"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista

"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy

"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 29

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common

"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian

"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian

"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish

"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software

"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian

"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All

"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin

"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard

"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter

"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Cricut DesignStudio" = Cricut DesignStudio

"Google Calendar Sync" = Google Calendar Sync

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Smart Web Printing" = HP Smart Web Printing

"Inkscape" = Inkscape 0.48.0

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"PROR" = Microsoft Office Professional 2007

"SCAL Lib It Up 2_is1" = SCAL Lib It Up 2.000

"Sure Cuts A Lot 3_is1" = Sure Cuts A Lot 3.007

"Sure Cuts A Lot_is1" = Sure Cuts A Lot 1.016

"TurboTax 2010" = TurboTax 2010

"WildTangent hp Master Uninstall" = HP Games

"Windows Searchqu Toolbar" = Windows Searchqu Toolbar

"WinLiveSuite" = Windows Live Essentials

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 7/13/2011 7:11:10 AM | Computer Name = Laptop | Source = VSS | ID = 8193

Description =

 

Error - 7/14/2011 6:51:55 AM | Computer Name = Laptop | Source = VSS | ID = 8193

Description =

 

Error - 7/14/2011 7:47:51 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:Program Files (x86)Common

FilesAdobe AIRVersions1.0Adobe AIR.dll".Error in manifest or policy file "c:Program

Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

 

Error - 7/18/2011 8:47:34 PM | Computer Name = Laptop | Source = Microsoft Office 12 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

 

Error - 7/21/2011 8:49:18 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:Program Files (x86)Common

FilesAdobe AIRVersions1.0Adobe AIR.dll".Error in manifest or policy file "c:Program

Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

 

Error - 7/21/2011 8:54:18 AM | Computer Name = Laptop | Source = VSS | ID = 8193

Description =

 

Error - 7/21/2011 1:50:19 PM | Computer Name = Laptop | Source = Microsoft Office 12 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

 

Error - 7/22/2011 9:38:56 AM | Computer Name = Laptop | Source = Microsoft Office 12 | ID = 2001

Description = Rejected Safe Mode action : Microsoft Office Outlook.

 

Error - 7/22/2011 11:45:07 AM | Computer Name = Laptop | Source = Application Error | ID = 1000

Description = Faulting application name: SCAL Lib It Up 2.exe, version: 1.0.0.1,

time stamp: 0x4b47b507 Faulting module name: SCAL Lib It Up 2.exe, version: 1.0.0.1,

time stamp: 0x4b47b507 Exception code: 0xc0000005 Fault offset: 0x00142289 Faulting

process id: 0x15a4 Faulting application start time: 0x01cc4884519ed3e3 Faulting application

path: C:Program Files (x86)Craft EdgeSCAL Lib It Up 2SCAL Lib It Up 2.exe Faulting

module path: C:Program Files (x86)Craft EdgeSCAL Lib It Up 2SCAL Lib It Up

2.exe Report Id: 92ea518e-b479-11e0-98aa-00269ee151c8

 

Error - 7/24/2011 1:27:08 AM | Computer Name = Laptop | Source = Application Error | ID = 1000

Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6557.5001, time

stamp: 0x4db1d555 Faulting module name: mso.dll, version: 12.0.6554.5001, time stamp:

0x4d5c1bbb Exception code: 0xc0000005 Fault offset: 0x00025938 Faulting process id:

0x189c Faulting application start time: 0x01cc49c251f15b6e Faulting application path:

C:Program Files (x86)Microsoft OfficeOffice12OUTLOOK.EXE Faulting module path:

C:Program Files (x86)Common FilesMicrosoft Sharedoffice12mso.dll Report Id:

92c0160a-b5b5-11e0-9207-00269ee151c8

 

[ Hewlett-Packard Events ]

Error - 8/25/2010 5:38:34 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:Program Files (x86)Hewlett-PackardHP

Support FrameworkLogsSystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

 

Error - 9/8/2010 6:08:23 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = en-US Process must exit before requested information can be determined.

System

at System.Diagnostics.Process.EnsureState(State state) at System.Diagnostics.Process.get_ExitCode()

at g.a(FixableIssues[] A_0)

 

Error - 10/13/2010 10:16:45 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry101013091627.xml

File not created by asset agent

 

Error - 11/3/2010 9:23:22 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry111003082317.xml

File not created by asset agent

 

Error - 11/10/2010 7:46:05 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry111010054559.xml

File not created by asset agent

 

Error - 12/1/2010 8:38:46 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry121001063841.xml

File not created by asset agent

 

Error - 12/22/2010 7:36:16 PM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry121022053611.xml

File not created by asset agent

 

Error - 12/30/2010 1:50:36 AM | Computer Name = Laptop | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:ProgramDataHewlett-PackardHP Support FrameworkTelemetry121029115030.xml

File not created by asset agent

 

[ Media Center Events ]

Error - 10/2/2010 6:58:50 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0

Description = 5:57:44 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 

[ OSession Events ]

Error - 6/6/2010 3:24:43 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 527

seconds with 180 seconds of active time. This session ended with a crash.

 

Error - 9/7/2010 7:16:25 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 83950

seconds with 120 seconds of active time. This session ended with a crash.

 

Error - 12/30/2010 6:53:27 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 7/24/2011 1:27:07 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 10/17/2011 9:54:29 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 12/8/2011 10:07:53 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 12/15/2011 4:05:24 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 1/12/2012 9:05:34 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 1/17/2012 9:12:45 AM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/17/2012 8:55:58 PM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/18/2012 10:09:45 AM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/18/2012 11:33:38 PM | Computer Name = Laptop | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 1/19/2012 4:18:05 PM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/20/2012 6:54:04 PM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/20/2012 9:33:04 PM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

Error - 1/20/2012 10:56:11 PM | Computer Name = Laptop | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 1/21/2012 9:13:50 AM | Computer Name = Laptop | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 1/21/2012 4:00:08 PM | Computer Name = Laptop | Source = atikmdag | ID = 52250

Description = CPLIB :: OPM - Failed the HFS

 

 

< End of report >


Thanks for the logs, roxiemusic.

 

You have quite a lot of infection but we’ll clean it all up.

 

===================================================

 

Uninstall the following program:

 

Windows Searchqu Toolbar

 

1. From the Start menu, select Control Panel.

2. In Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.

3. Select the program you want to remove, and click Uninstall. Alternatively, right-click the program and select Uninstall.

===================================================

 

Run OTL

  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O2:[b]64bit:[/b] - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. –
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] (Reg Error: Key error.)
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/01/20 19:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
    
    :Files
    C:\Program Files (x86)\Windows Searchqu Toolbar
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
Logs to include with next post:

 

OTL fix log

New OTL log

 

Thanks

 

Satchfan


All processes killed

========== OTL ==========

No active process named Program Files was found!

64bit-Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D717F81-9148-4f12-8568-69135F087DB0} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D717F81-9148-4f12-8568-69135F087DB0} not found.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrx64BrowserConnection.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrToolBarsearchqudtx.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D717F81-9148-4f12-8568-69135F087DB0} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D717F81-9148-4f12-8568-69135F087DB0} not found.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrBrowserConnection.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} not found.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrToolBarsearchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunDATAMNGR not found.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrdatamngrUI.exe not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:WindowsDownloaded Program Filesgp.inf not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.

64bit-Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_Dlls:C:PROGRA~2WIA6EB~1Datamngrx64datamngr.dll deleted successfully.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrx64datamngr.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_Dlls:C:PROGRA~2WIA6EB~1Datamngrx64IEBHO.dll deleted successfully.

File C:Program Files (x86)Windows Searchqu ToolbarDatamngrx64IEBHO.dll not found.

Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_Dlls:C:PROGRA~2WIA6EB~1Datamngrdatamngr.dll deleted successfully.

File pInit_DLLs: (C:PROGRA~2WIA6EB~1Datamngrdatamngr.dll) -C:Program Files (x86)Windows Searchqu ToolbarDatamngrdatamngr.dll not found.

Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_Dlls:C:PROGRA~2WIA6EB~1DatamngrIEBHO.dll deleted successfully.

File pInit_DLLs: (C:PROGRA~2WIA6EB~1DatamngrIEBHO.dll) -C:Program Files (x86)Windows Searchqu ToolbarDatamngrIEBHO.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadWebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.

Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadWebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.

Folder C:Program Files (x86)Windows Searchqu Toolbar not found.

========== FILES ==========

FileFolder C:Program Files (x86)Windows Searchqu Toolbar not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Aidan James Hamlin

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Roxanne

->Temp folder emptied: 4333376416 bytes

->Temporary Internet Files folder emptied: 683153076 bytes

->Java cache emptied: 9384281 bytes

->Flash cache emptied: 64588 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 294660 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 295743840 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 181830 bytes

 

Total Files Cleaned = 5,076.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_124745

FilesFolders moved on Reboot...

C:UsersRoxanneAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 1/23/2012 1:06:49 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersRoxanneDesktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 35.42% Memory free

3.49 Gb Paging File | 1.81 Gb Available in Paging File | 51.77% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 219.25 Gb Total Space | 141.54 Gb Free Space | 64.55% Space Free | Partition Type: NTFS

Drive D: | 13.33 Gb Total Space | 2.21 Gb Free Space | 16.60% Space Free | Partition Type: NTFS

Drive F: | 101.76 Mb Total Space | 98.29 Mb Free Space | 96.59% Space Free | Partition Type: FAT

 

Computer Name: LAPTOP | User Name: Roxanne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersRoxanneDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

PRC - C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe ()

PRC - C:Program Files (x86)GoogleGoogle Calendar SyncGoogleCalendarSync.exe (Google)

PRC - C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:Program Files (x86)Common FilesIntuitUpdate ServiceIntuitUpdateService.exe (Intuit Inc.)

PRC - C:Program Files (x86)Common FilesNuanceNaturallySpeaking10dgnuiasvr.exe (Nuance Communications, Inc.)

PRC - C:Program Files (x86)NuanceNaturallySpeaking10Programnatspeak.exe (Nuance Communications, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll ()

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:Program FilesSUPERAntiSpywareSASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD)

SRV:64bit: - (STacSV) -- C:WindowsSysNativeDriverStoreFileRepositorystwrt64.inf_amd64_neutral_ccf0dd3cb081af84stacsv64.exe (IDT, Inc.)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AgereModemAudio) -- C:Program FilesLSI SoftModemagr64svc.exe (LSI Corporation)

SRV:64bit: - (AESTFilters) -- C:WindowsSysNativeDriverStoreFileRepositorystwrt64.inf_amd64_neutral_ccf0dd3cb081af84AESTSr64.exe (Andrea Electronics Corporation)

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (LMIMaint) -- C:Program Files (x86)LogMeInx64RaMaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:Program Files (x86)LogMeInx64LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (AVGIDSAgent) -- C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe ()

SRV - (LogMeIn) -- C:Program Files (x86)LogMeInx64LogMeIn.exe (LogMeIn, Inc.)

SRV - (HPDrvMntSvc.exe) -- C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (IntuitUpdateService) -- C:Program Files (x86)Common FilesIntuitUpdate ServiceIntuitUpdateService.exe (Intuit Inc.)

SRV - (GameConsoleService) -- C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe (WildTangent, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (LMIRfsClientNP) -- C:WindowsSysNativeLMIRfsClientNP.dll (LogMeIn, Inc.)

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Avgldx64) -- C:WindowsSysNativedriversavgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:WindowsSysNativedriversavgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgmfx64) -- C:WindowsSysNativedriversavgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:WindowsSysNativedriversavgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSFilter) -- C:WindowsSysNativedriversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSDriver) -- C:WindowsSysNativedriversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSEH) -- C:WindowsSysNativedriversAVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:WindowsSysNativedriverssdbus.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:WindowsSysNativedriversSynTP.sys (Synaptics Incorporated)

DRV:64bit: - (LMIRfsDriver) -- C:WindowsSysNativedriversLMIRfsDriver.sys (LogMeIn, Inc.)

DRV:64bit: - (lmimirr) -- C:WindowsSysNativedriverslmimirr.sys (LogMeIn, Inc.)

DRV:64bit: - (athr) -- C:WindowsSysNativedriversathrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (SASDIFSV) -- C:Program FilesSUPERAntiSpywaresasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:Program FilesSUPERAntiSpywaresaskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (FTDIBUS) -- C:WindowsSysNativedriversftdibus.sys (FTDI Ltd.)

DRV:64bit: - (FTSER2K) -- C:WindowsSysNativedriversftser2k.sys (FTDI Ltd.)

DRV:64bit: - (atikmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (STHDA) -- C:WindowsSysNativedriversstwrt64.sys (IDT, Inc.)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:WindowsSysNativedriversrootmdm.sys (Microsoft Corporation)

DRV:64bit: - (SrvHsfV92) -- C:WindowsSysNativedriversVSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:WindowsSysNativedriversVSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:WindowsSysNativedriversVSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:WindowsSysNativedriversyk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel® -- C:WindowsSysNativedriversnetw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:WindowsSysNativedriversAtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:WindowsSysNativedriversHpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (AgereSoftModem) -- C:WindowsSysNativedriversagrsm64.sys (LSI Corporation)

DRV:64bit: - (usbfilter) -- C:WindowsSysNativedriversusbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (RimVSerPort) -- C:WindowsSysNativedriversRimSerial_AMD64.sys (Research in Motion Ltd)

DRV - (LMIInfo) -- C:Program Files (x86)LogMeInx64rainfo.sys (LogMeIn, Inc.)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/CQNOT/1

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/CQNOT/1

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Restore = http://www.google.com/

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WindowsSysWOW64AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2009/10/31 04:28:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program Files (x86)AVGAVG2012Firefox4 [2011/12/23 08:40:07 | 000,000,000 | ---D | M]

 

[2011/11/13 14:22:17 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2011/11/10 12:45:10 | 000,000,000 | ---D | M] (Java Console) -- C:Program Files (x86)Mozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

 

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:WindowsSysNativedriversetchosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)

O4:64bit: - HKLM..Run: [LogMeIn GUI] C:Program Files (x86)LogMeInx64LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [AVG_TRAY] C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [DNS7reminder] C:Program Files (x86)NuanceNaturallySpeaking10EregEreg.exe (Nuance Communications, Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [startCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden File not found

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:UsersRoxanneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDragon NaturallySpeaking.lnk = C:Program Files (x86)NuanceNaturallySpeaking10Programnatspeak.exe (Nuance Communications, Inc.)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html File not found

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Append to Existing PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html File not found

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{1554F6A7-D38C-483A-928D-6EE74FA06F66}: DhcpNameServer = 209.244.0.3 209.244.0.4 4.2.2.2

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{F6696AEB-8B9F-48BD-9821-6AC3BD641B68}: DhcpNameServer = 192.168.1.254

O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlermso-offdap11 - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O27:64bit: - HKLM IFEOehshell.exe: Debugger - C:Program Files (x86)LogMeInx64LogMeInSystray.exe (LogMeIn, Inc.)

O27 - HKLM IFEOehshell.exe: Debugger - C:Program Files (x86)LogMeInx64LogMeInSystray.exe (LogMeIn, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~2AVGAVG2012avgrsa.exe /sync /restart)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/23 12:47:45 | 000,000,000 | ---D | C] -- C:_OTL

[2012/01/22 07:27:40 | 000,000,000 | ---D | C] -- C:UsersRoxanneDesktopPosted Logs

[2012/01/22 07:16:16 | 004,713,472 | ---- | C] (AVAST Software) -- C:UsersRoxanneDesktopaswMBR.exe

[2012/01/22 06:51:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:UsersRoxanneDesktopOTL.exe

[2012/01/21 08:07:36 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/01/21 08:07:35 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/01/20 20:40:37 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingMalwarebytes

[2012/01/20 20:40:29 | 000,000,000 | ---D | C] -- C:Program Files (x86)MALWAREBYTES ANTI-MALWARE

[2012/01/20 20:40:27 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2012/01/20 20:40:26 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2012/01/20 20:40:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2012/01/20 20:40:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2012/01/20 19:09:30 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64COMCT232.OCX

[2012/01/20 19:09:28 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudDesign.dll

[2012/01/20 19:09:28 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudFile.dll

[2012/01/20 19:09:28 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioInfos.dll

[2012/01/20 19:09:28 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioVisu.dll

[2012/01/20 19:09:28 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudPlayer.dll

[2012/01/20 19:09:28 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudioRecord.dll

[2012/01/20 19:09:28 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64AudDisplay.dll

[2012/01/20 19:09:28 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:WindowsSysWow64WMAFile.dll

[2012/01/20 19:09:28 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64TABCTL32.OCX

[2012/01/20 19:09:28 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6FR.DLL

[2012/01/20 19:09:28 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64msinet.OCX

[2012/01/20 19:09:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6STKIT.DLL

[2012/01/20 19:09:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64TABCTFR.DLL

[2012/01/20 19:09:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetfr.DLL

[2012/01/20 19:09:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MSCOMCT2.OCX

[2012/01/20 19:09:27 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MSCMCFR.DLL

[2012/01/20 19:09:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64Mscc2fr.dll

[2012/01/20 19:09:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64CMDLGFR.DLL

[2012/01/20 19:09:26 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataRoamingFreeAudioPack

[2012/01/20 19:09:26 | 000,000,000 | ---D | C] -- C:Program Files (x86)Free mp3 Wma Converter

[2012/01/20 07:14:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/01/20 07:14:04 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/01/20 07:14:03 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/01/20 07:14:03 | 000,000,000 | ---D | C] -- C:Program Files (x86)iTunes

[2012/01/19 20:18:54 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataLocal{DB22B22F-0C60-4E63-B471-78C2238C5FE6}

[2012/01/19 20:18:41 | 000,000,000 | ---D | C] -- C:UsersRoxanneAppDataLocal{D51B9BEF-99AB-41B0-923F-4C00A4ED953D}

[2012/01/16 07:20:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesecur32.dll

[2012/01/16 07:20:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesspicli.dll

[2012/01/16 07:20:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesspisrv.dll

[2012/01/16 07:20:19 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelsasrv.dll

[2012/01/16 07:20:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewebio.dll

[2012/01/16 07:20:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64webio.dll

[2012/01/11 07:51:57 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentdll.dll

[2012/01/11 07:51:47 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativequartz.dll

[2012/01/11 07:51:47 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64quartz.dll

[2012/01/11 07:51:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64qdvd.dll

[2012/01/11 07:51:46 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeqdvd.dll

[2012/01/11 07:51:37 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/01/11 07:51:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/01/11 07:24:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepackager.dll

[2012/01/11 07:24:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64packager.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/23 13:02:57 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/23 13:02:57 | 000,023,248 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/23 12:59:47 | 000,730,448 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/01/23 12:59:47 | 000,627,316 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/01/23 12:59:47 | 000,107,600 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/01/23 12:55:13 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/01/23 12:55:06 | 1406,296,064 | -HS- | M] () -- C:hiberfil.sys

[2012/01/23 10:51:15 | 087,259,922 | ---- | M] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/22 07:16:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:UsersRoxanneDesktopaswMBR.exe

[2012/01/22 06:51:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersRoxanneDesktopOTL.exe

[2012/01/21 19:03:24 | 000,364,006 | ---- | M] () -- C:WindowsSysNativedriversAVGiavichjg.avm

[2012/01/21 08:07:36 | 000,002,985 | ---- | M] () -- C:UsersRoxanneDesktopHiJackThis.lnk

[2012/01/21 07:59:32 | 001,402,880 | ---- | M] () -- C:UsersRoxanneDesktopHiJackThis.msi

[2012/01/20 07:14:36 | 000,001,783 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2012/01/18 22:02:04 | 000,012,055 | ---- | M] () -- C:UsersRoxanneDesktopimagesCAV3JJGT.jpg

[2012/01/12 19:27:18 | 000,002,014 | ---- | M] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2012/01/11 20:54:37 | 000,000,340 | ---- | M] () -- C:WindowstasksHPCeeScheduleForRoxanne.job

[2012/01/02 13:26:38 | 000,070,233 | ---- | M] () -- C:UsersRoxanneDesktopnewyears1.jpg

 

========== Files Created - No Company Name ==========

 

[2012/01/21 08:07:36 | 000,002,985 | ---- | C] () -- C:UsersRoxanneDesktopHiJackThis.lnk

[2012/01/21 07:59:29 | 001,402,880 | ---- | C] () -- C:UsersRoxanneDesktopHiJackThis.msi

[2012/01/20 19:09:28 | 000,116,296 | ---- | C] () -- C:WindowsSysWow64NCTWMAProfiles.prx

[2012/01/20 07:14:36 | 000,001,783 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk

[2012/01/19 20:18:09 | 000,012,055 | ---- | C] () -- C:UsersRoxanneDesktopimagesCAV3JJGT.jpg

[2012/01/12 19:27:18 | 000,002,441 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Reader 9.lnk

[2012/01/12 19:27:18 | 000,002,014 | ---- | C] () -- C:UsersPublicDesktopAdobe Reader 9.lnk

[2012/01/02 13:28:56 | 000,070,233 | ---- | C] () -- C:UsersRoxanneDesktopnewyears1.jpg

[2011/09/29 20:56:46 | 000,000,000 | ---- | C] () -- C:UsersRoxanneAppDataRoamingwklnhst.dat

[2011/06/18 06:05:38 | 000,044,544 | ---- | C] () -- C:WindowsSysWow64Gif89.dll

[2011/01/25 19:53:53 | 000,004,096 | -H-- | C] () -- C:UsersRoxanneAppDataLocalkeyfile3.drm

[2011/01/08 15:16:02 | 000,019,456 | ---- | C] () -- C:UsersRoxanneAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/28 14:00:12 | 000,012,800 | ---- | C] () -- C:WindowsLPRES.DLL

[2010/09/10 16:46:47 | 000,170,081 | ---- | C] () -- C:Windowshpoins14.dat

[2010/09/10 16:46:47 | 000,001,498 | ---- | C] () -- C:Windowshpomdl14.dat

[2010/07/27 14:14:25 | 000,038,434 | ---- | C] () -- C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).ADR

[2010/07/07 22:36:25 | 000,000,256 | ---- | C] () -- C:WindowsSysWow64pool.bin

[2010/07/07 09:05:48 | 000,006,382 | ---- | C] () -- C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).EML

[2010/07/07 07:11:05 | 000,008,103 | ---- | C] () -- C:UsersRoxanneAppDataRoamingcontacts2.csv.1097935.xml

[2010/07/07 07:11:05 | 000,000,519 | ---- | C] () -- C:UsersRoxanneAppDataRoamingBCMMappings.xml

[2010/06/13 11:48:16 | 000,002,315 | ---- | C] () -- C:UsersRoxanneAppDataRoamingSAS7_000.DAT

[2010/06/04 17:35:50 | 000,747,538 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2010/03/31 13:02:50 | 000,000,000 | ---- | C] () -- C:Windowsativpsrm.bin

[2010/03/31 12:57:34 | 000,000,282 | ---- | C] () -- C:WindowsSysWow64RStoneLog2.ini

[2010/03/31 12:57:34 | 000,000,223 | ---- | C] () -- C:WindowsSysWow64RStoneLog.ini

[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:WindowsSysWow64ractrlkeyhook.dll

[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:WindowsLPRES(47).DLL

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSysWow64BWContextHandler.dll

[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:WindowsSysWow64igkrng400.bin

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 205 bytes -> C:ProgramDataTemp:F35A93AD

@Alternate Data Stream - 143 bytes -> C:UsersRoxanneAppDataRoamingComma Separated Values (Windows).EML:OECustomProperty

@Alternate Data Stream - 135 bytes -> C:ProgramDataTemp:7631EA83

 

< End of report >


OK we seemed to get rid of most but I’d like another look.

 

Download and run ComboFix

 

Download Combofix from either of the links below, and save it to your desktop.

 

Link 1

Link 2

 

**Note: It is important that it is saved directly to your desktop**

 

--------------------------------------------------------------------

 

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

 

--------------------------------------------------------------------

 

Double click on ComboFix.exe & follow the prompts.

 

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Can you tell me how your computer is running and what problems remain?

 

Thanks

 

Satchfan


Computer seems to be running well. I can now search without being redirected.

 

ComboFix 12-01-23.02 - Roxanne 01/23/2012 21:59:57.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.495 [GMT -6:00]

Running from: c:usersRoxanneDesktopComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:install.exe

c:usersRoxanneDownloadManagerWin64-2.2.5-SNAPSHOT.r10668.exe

c:windowssystem32java.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))

.

.

2012-01-24 04:10 . 2012-01-24 04:10 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-01-23 18:47 . 2012-01-23 18:47 -------- d-----w- C:_OTL

2012-01-21 14:07 . 2012-01-21 14:07 388096 ----a-r- c:usersRoxanneAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-21 14:07 . 2012-01-21 14:07 -------- d-----w- c:program files (x86)Trend Micro

2012-01-21 02:40 . 2012-01-21 02:40 -------- d-----w- c:usersRoxanneAppDataRoamingMalwarebytes

2012-01-21 02:40 . 2012-01-21 03:00 -------- d-----w- c:program files (x86)MALWAREBYTES ANTI-MALWARE

2012-01-21 02:40 . 2012-01-21 03:00 -------- d-----w- c:programdataMalwarebytes

2012-01-21 02:40 . 2012-01-21 02:40 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware

2012-01-21 02:40 . 2011-12-10 21:24 23152 ----a-w- c:windowssystem32driversmbam.sys

2012-01-20 13:14 . 2012-01-20 13:14 -------- d-----w- c:program filesiPod

2012-01-20 13:14 . 2012-01-20 13:14 -------- d-----w- c:program filesiTunes

2012-01-20 13:14 . 2012-01-20 13:14 -------- d-----w- c:program files (x86)iTunes

2012-01-11 13:51 . 2011-11-17 05:38 1292080 ----a-w- c:windowsSysWow64ntdll.dll

2012-01-11 13:51 . 2011-11-17 06:41 1731920 ----a-w- c:windowssystem32ntdll.dll

2012-01-11 13:51 . 2011-10-26 05:25 1572864 ----a-w- c:windowssystem32quartz.dll

2012-01-11 13:51 . 2011-10-26 04:32 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-01-11 13:51 . 2011-10-26 04:32 1328128 ----a-w- c:windowsSysWow64quartz.dll

2012-01-11 13:51 . 2011-10-26 05:25 366592 ----a-w- c:windowssystem32qdvd.dll

2012-01-11 13:24 . 2011-11-19 14:58 77312 ----a-w- c:windowssystem32packager.dll

2012-01-11 13:24 . 2011-11-19 14:01 67072 ----a-w- c:windowsSysWow64packager.dll

2012-01-03 14:22 . 2012-01-03 14:22 103864 ----a-w- c:program files (x86)Internet ExplorerPluginsnppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-19 12:59 . 2010-11-09 03:40 34688 ----a-w- c:windowssystem32LMIport.dll

2011-12-19 12:59 . 2010-11-09 03:40 87456 ----a-w- c:windowssystem32LMIRfsClientNP.dll

2011-12-19 12:59 . 2010-11-09 03:40 80768 ----a-w- c:windowssystem32LMIinit.dll

2011-11-24 04:52 . 2011-12-15 23:21 3145216 ----a-w- c:windowssystem32win32k.sys

2011-11-05 05:41 . 2011-12-15 23:22 1188864 ----a-w- c:windowssystem32wininet.dll

2011-11-05 05:32 . 2011-12-15 23:20 2048 ----a-w- c:windowssystem32tzres.dll

2011-11-05 04:35 . 2011-12-15 23:22 981504 ----a-w- c:windowsSysWow64wininet.dll

2011-11-05 04:26 . 2011-12-15 23:20 2048 ----a-w- c:windowsSysWow64tzres.dll

2011-11-05 03:32 . 2011-12-15 23:22 1638912 ----a-w- c:windowssystem32mshtml.tlb

2011-11-05 02:48 . 2011-12-15 23:22 1638912 ----a-w- c:windowsSysWow64mshtml.tlb

2011-10-31 02:17 . 2010-03-31 19:10 29480 ----a-w- c:windowsSysWow64msxml3a.dll

2011-10-31 02:17 . 2009-03-20 03:38 505128 ----a-w- c:windowsSysWow64msvcp71.dll

2011-10-31 02:17 . 2009-03-20 03:38 353576 ----a-w- c:windowsSysWow64msvcr71.dll

2011-10-26 05:21 . 2011-12-15 23:22 43520 ----a-w- c:windowssystem32csrsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"ISUSPM Startup"="c:progra~2COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2005-02-16 221184]

"SUPERAntiSpyware"="c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe" [2010-07-19 2957040]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2009-08-05 98304]

"QlbCtrl.exe"="c:program files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [2010-02-25 323640]

"WirelessAssistant"="c:program files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe" [2010-03-23 500792]

"SSBkgdUpdate"="c:program files (x86)Common FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" [2006-10-25 210472]

"ISUSScheduler"="c:program files (x86)Common FilesInstallShieldUpdateServiceissch.exe" [2005-02-16 81920]

"DNS7reminder"="c:program files (x86)NuanceNaturallySpeaking10EregEreg.exe" [2007-04-16 259624]

"hpqSRMon"="c:program files (x86)HPDigital ImagingbinhpqSRMon.exe" [2008-07-22 150528]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-03 2415456]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

"HP Software Update"="c:program files (x86)HpHP Software UpdateHPWuSchd2.exe" [2011-05-10 49208]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-01-16 421736]

"Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872]

.

c:usersRoxanneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dragon NaturallySpeaking.lnk - c:program files (x86)NuanceNaturallySpeaking10Programnatspeak.exe [2009-3-16 2835816]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Google Calendar Sync.lnk - c:program files (x86)GoogleGoogle Calendar SyncGoogleCalendarSync.exe [2011-4-8 542264]

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R3 Com4QLBEx;Com4QLBEx;c:program files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [2010-02-25 227896]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:windowssystem32DRIVERSRts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x]

S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE64.EXE [2010-06-29 128752]

S2 AESTFilters;Andrea ST Filters Service;c:windowsSystem32DriverStoreFileRepositorystwrt64.inf_amd64_neutral_ccf0dd3cb081af84AESTSr64.exe [2009-03-02 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-02 192776]

S2 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2011-05-06 1085440]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2010-10-14 92216]

S2 LMIGuardianSvc;LMIGuardianSvc;c:program files (x86)LogMeInx64LMIGuardianSvc.exe [2011-12-19 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:program files (x86)LogMeInx64RaInfo.sys [2010-05-31 15928]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:windowssystem32DRIVERSusbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:windowsSystem32cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-12 c:windowsTasksHPCeeScheduleForRoxanne.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2009-10-07 11:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2009-07-22 450048]

"SunJavaUpdateSched"="c:program filesJavajre6binjusched.exe" [2009-10-31 171520]

"LogMeIn GUI"="c:program files (x86)LogMeInx64LogMeInSystray.exe" [2010-05-31 57928]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:windowssystem32blank.htm

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:program files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:program files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:program files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:program files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:progra~2MICROS~4Office12EXCEL.EXE/3000

Trusted Zone: intuit.comttlc

TCP: DhcpNameServer = 192.168.1.254

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-LightScribe Control Panel - c:program files (x86)Common FilesLightScribeLightScribeControlPanel.exe

HKLM-Run-SynTPEnh - c:program files (x86)SynapticsSynTPSynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program files (x86)Flip VideoFlipShareFlipShareService.exe

c:program files (x86)CyberLinkShared filesRichVideo.exe

c:program files (x86)Common FilesIntuitUpdate ServiceIntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-01-23 22:21:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-24 04:21

.

Pre-Run: 151,537,360,896 bytes free

Post-Run: 151,180,234,752 bytes free

.

- - End Of File - - 8A98191A8835F4E26ED80916CC27E7DA


Hi roxiemusic

 

Computer seems to be running well. I can now search without being redirected.

Good news but I’d like another couple of checks before we can be sure that all the bad stuff has gone.

 

Run Malwarebytes’ Anti-Malware

 

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Thanks

 

Satchfan


Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.24.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Roxanne :: LAPTOP [administrator]

Protection: Disabled

1/24/2012 6:37:08 PM

mbam-log-2012-01-24 (18-37-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198065

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Clean Malwarebytes scan is a good sign. One final scan and if that’s clear I think we can tidy up.

 

Run ESET Online Scan

 

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

 

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

 

ESET OnlineScan

 

1. Click the Eset online Scanner button.

2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.

Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use

4. Click the Start button.

5. Accept any security warnings from your browser.

6. Check Scan archives

7. Push the Start button.

8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

9. When the scan completes, push List of found threats

10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Note - when ESET doesn't find any threats, no report will be created.

11. Push the back button.

12. Push Finish

If a log has been produced post it in your next reply.

 

Please let me know if there are any remaining problems

 

Satchfan


Hi roxiemusic

 

Well done, your computer appears to be clean.

 

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

 

 

Uninstall Combofix

 

Follow these steps to uninstall Combofix

  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.

  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

 

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

 

aswMBR can be deleted from your desktop.

 

===================================================

 

Update installed programs

 

Some of your programs are out-of-date:

 

Your Java and Adobe Reader are out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and Adobe Reader, and then update.

  • from the Start menu, select Control Panel.
  • in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
  • look for all versions of Java or Java Runtime Environment, and click Uninstall. Alternatively, right-click the program and select Uninstall.
  • do the same to remove Adobe Reader 9
Install Version 6 Update 30, from here

 

NEXT

 

Visit Adobe and download the latest version of Acrobat Reader (version X)

 

Having the latest updates ensures there are no security vulnerabilities on your system.

 

==================================================

 

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

 

===================================================

 

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

 

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

 

===================================================

 

I also recommend that you read the following:

 

How to prevent malware by miekiemoes

 

 

Finally, if your computer has no more problems and you are happy to close this, please let me know. If I do not hear from you after 24 hours, I will assume all is well and close this topic.

 

Safe computing

 

Satchfan
