Jump to content
Sign in to follow this  
Fernando Santillán

Bad Image Error (Win7)

Recommended Posts

Hello, I'm new to this community. Thanks for reading my topic. For the past few days i've been experiencing an annoying problem and would greatly appreciate some help fixing it.

 

Every time i boot up my computer and when i make it to the desktop a Bad Image Error appear. I close the message and another message came up telling me the same problem. I red on one of the forums that this type of problem may be caused by malware. Here's what it says:

 

DDE Server Window:iTunes.exe - Bad Image

 

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or ocntact your system administrator or the software vendor for support.

 

The same problem hapened in this forums:

http://forums.pcpitstop.com/index.php?/topic/194798-bad-image-error/

http://forums.pcpitstop.com/index.php?/topic/169944-bad-image-error-resolved/

http://forums.pcpitstop.com/index.php?/topic/170560-bad-image-error-win-xp-resolved/

 

I've been looking for solutions to my problem and i found that many people resolved this same problem through this forum and the professional help that you guys give. So i'm hoping that i can help here too. I would be very greatful foy any help that i can find. Here's my hjt log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:05:28 PM, on 6/17/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

 

Running processes:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.pe/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13927 bytes

Share this post


Link to post
Share on other sites

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post the appropriate logs in the Have I Been Hijacked? forum and wait for help.

Hi and welcome to PC Pitstop. :)

 

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

 

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

 

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

 

64bit Operating System Advice:

 

Your log shows signs that this is a 64 bit machine. HijackThis is not compatible on a 64 bit system like yours and it's scan results can not be relied upon. I'm going to need you to run a two different scans for myself in due course.

 

Before we start:

 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

 

Because of this, I advise you to backup any personal files and folders before you start.

 

Security Application Check:

 

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

 

Link 1

Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
Scan with OTL:

 

Please download OTL and save it to your Desktop.

 

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Share this post


Link to post
Share on other sites

Dakeyras thank you! I aprecciate your help. My computer keeps showing the Bad Image Error at the beginning. I noticed that when I open Internet Explorer it only shows me a blank page on every page I try to enter IE:Google. I also noticed that the cpu is always running at 50% or more, even when I'm not running any application. Before these errors the cpu worked at 12% or so. And when i try to open windows live movie maker a Bad Error message appear and the program never starts.

 

Here's the results from Security Application Check:

 

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.1.0

Java 6 Update 30

Java 7 Update 4

Java version out of Date!

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

Here's the result from OTL.txt:

 

 

OTL logfile created on: 6/18/2012 12:38:26 PM - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:UsersOwnerDesktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 59.68% Memory free

7.49 Gb Paging File | 5.69 Gb Available in Paging File | 75.93% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 450.41 Gb Total Space | 361.03 Gb Free Space | 80.16% Space Free | Partition Type: NTFS

Drive D: | 15.05 Gb Total Space | 1.88 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

 

Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersOwnerDesktopOTL.exe (OldTimer Tools)

PRC - C:Program FilesAVAST SoftwareAvastAvastUI.exe (AVAST Software)

PRC - C:Program FilesAVAST SoftwareAvastAvastSvc.exe (AVAST Software)

PRC - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

PRC - C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:Program Files (x86)CyberLinkYouCamYCMMirage.exe (CyberLink)

PRC - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe (Roxio)

PRC - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37ccSvcHst.exe (Symantec Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56ppGoogleNaClPluginChrome.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56pdf.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56libglesv2.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56libegl.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56avutil-51.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56avformat-54.dll ()

MOD - C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56avcodec-54.dll ()

MOD - C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe (AVAST Software)

SRV:64bit: - (STacSV) -- C:Program FilesIDTWDMstacsv64.exe (IDT, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD)

SRV:64bit: - (AMD FUEL Service) -- C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (HPClientSvc) -- C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe (Hewlett-Packard Company)

SRV:64bit: - (HP Wireless Assistant Service) -- C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe (Hewlett-Packard Company)

SRV:64bit: - (AMD Reservation Manager) -- C:Program FilesATI TechnologiesATI.ACEReservation ManagerAMD Reservation Manager.exe (Advanced Micro Devices)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:Program Files (x86)SkypeUpdaterUpdater.exe (Skype Technologies)

SRV - (IconMan_R) -- C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe (Realsil Microelectronics Inc.)

SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

SRV - (HP Support Assistant Service) -- C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe (Hewlett-Packard Company)

SRV - (HPDrvMntSvc.exe) -- C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HPWMISVC) -- C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (Hewlett-Packard Development Company, L.P.)

SRV - (RoxioNow Service) -- C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe (Roxio)

SRV - (NIS) -- C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37ccSvcHst.exe (Symantec Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:WindowsSysNativedriversaswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:WindowsSysNativedriversaswSP.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:WindowsSysNativedriversaswRdr2.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:WindowsSysNativedriversaswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:WindowsSysNativedriversaswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:WindowsSysNativedriversaswFsBlk.sys (AVAST Software)

DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:WindowsSysNativedriversSynTP.sys (Synaptics Incorporated)

DRV:64bit: - (BCM43XX) -- C:WindowsSysNativedriversBCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (STHDA) -- C:WindowsSysNativedriversstwrt64.sys (IDT, Inc.)

DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )

DRV:64bit: - (RSPCIESTOR) -- C:WindowsSysNativedriversRtsPStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RimVSerPort) -- C:WindowsSysNativedriversRimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (SymEvent) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (clwvd) -- C:WindowsSysNativedriversclwvd.sys (CyberLink Corporation)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:WindowsSysNativedriverssdbus.sys (Microsoft Corporation)

DRV:64bit: - (SymEFA) -- C:WindowsSysNativedriversNISx641201000.025SymEFA64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:WindowsSysNativedriversNISx641201000.025srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:WindowsSysNativedriversNISx641201000.025srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:WindowsSysNativedriversNISx641201000.025symnets.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:WindowsSysNativedriversNISx641201000.025Ironx64.sys (Symantec Corporation)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:WindowsSysNativedriversAtiPcie64.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (SymDS) -- C:WindowsSysNativedriversNISx641201000.025SymDS64.sys (Symantec Corporation)

DRV:64bit: - (amd_sata) -- C:WindowsSysNativedriversamd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:WindowsSysNativedriversamd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (AtiHdmiService) -- C:WindowsSysNativedriversAtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (usbfilter) -- C:WindowsSysNativedriversusbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (amdiox64) -- C:WindowsSysNativedriversamdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:WindowsSysNativedriversWSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:WindowsSysNativedriversrootmdm.sys (Microsoft Corporation)

DRV:64bit: - (SrvHsfV92) -- C:WindowsSysNativedriversVSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:WindowsSysNativedriversVSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:WindowsSysNativedriversVSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:WindowsSysNativedriversyk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel® -- C:WindowsSysNativedriversnetw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV - (NAVEX15) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsVirusDefs20100813.009EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsVirusDefs20100813.009ENG64.SYS (Symantec Corporation)

DRV - (BHDrvx64) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsBASHDefs20100810.004BHDrvx64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys (Symantec Corporation)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM..SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE:64bit: - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE:64bit: - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM..SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

 

IE - HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

IE - HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

 

 

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://google.com.pe/

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF:64bit: - [email protected]/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF:64bit: - [email protected]/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - [email protected]/ShockwavePlayer: C:WindowsSysWOW64AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/DTPlugin,version=10.4.1: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - [email protected]/JavaPlugin,version=10.4.1: C:Program Files (x86)OracleJavaFX 2.1 Runtimebinplugin2npjp2.dll (Oracle Corporation)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/NpWinExt,version=5.0: C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll (Microsoft Corporation)

FF - [email protected]/OfficeAuthz,version=14.0: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - [email protected]/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WebSLLauncher,version=1.0: C:Program Files (x86)Common FilesResearch In MotionBBWebSLLauncherNPWebSLLauncher.dll ()

FF - [email protected]/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/Google Update;version=3: C:UsersOwnerAppDataLocalGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:UsersOwnerAppDataLocalGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37IPSFFPlgn [2011/10/10 00:03:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37coFFPlgn [2011/10/10 00:03:33 | 000,000,000 | ---D | M]

FF - [email protected].com: C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0Firefox [2011/10/10 00:03:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDMExtension [2011/10/10 00:03:23 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:UsersOwnerAppDataLocalGoogleChromeApplication19.0.1084.56gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:UsersOwnerAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll

CHR - plugin: Skype Toolbars (Enabled) = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.9.0.9216_0npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 10.0ReaderBrowsernppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:Program Files (x86)Common FilesResearch In MotionBBWebSLLauncherNPWebSLLauncher.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.111npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:WindowsSysWOW64AdobeDirectornp32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll

CHR - Extension: YouTube = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Bu00FAsqueda de Google = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: avast! WebRep = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1426_0

CHR - Extension: Fast save = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsodhleokodmnbhlmjbmnlejiklconbnjg1.1_0

CHR - Extension: Cuevana Stream = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsooagbcohbmlpkfkdnodbomgphbcecalj4.2_0

CHR - Extension: Cuevana Stream = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsooagbcohbmlpkfkdnodbomgphbcecalj4.2_0.svnprops.svn-work

CHR - Extension: Gmail = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:WindowsSysNativedriversetchosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM..Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)

O3 - HKLM..Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll (Symantec Corporation)

O3 - HKLM..Toolbar: (@C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll (Microsoft Corporation)

O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..Run: [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe ()

O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)

O4 - HKLM..Run: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..Run: [RIMBBLaunchAgent.exe] C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..Run: [startCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKUS-1-5-19..Run: [sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)

O4 - HKUS-1-5-20..Run: [sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 200.48.225.130 200.48.225.146

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{3C26FA2F-1F31-400E-8B7A-4DACDAFD9DB4}: DhcpNameServer = 200.48.225.130 200.48.225.146

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerms-help - No CLSID value found

O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/06/18 12:36:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:UsersOwnerDesktopOTL.exe

[2012/06/17 18:26:41 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFree Video Converter

[2012/06/17 16:02:43 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/06/17 16:02:43 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/06/16 21:27:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/06/16 21:27:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/06/16 21:27:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/06/16 21:27:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/06/16 21:27:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/06/16 21:27:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/06/16 21:27:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/06/16 21:27:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/06/16 21:27:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/06/16 21:27:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/06/16 21:27:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/06/16 21:27:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/06/16 21:27:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/06/16 19:38:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcorekmts.dll

[2012/06/16 19:38:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpwsx.dll

[2012/06/16 19:38:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdrmemptylst.exe

[2012/06/16 19:37:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe

[2012/06/16 19:37:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe

[2012/06/16 19:37:48 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe

[2012/06/16 19:36:19 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsi.dll

[2012/06/16 19:36:06 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecrypt32.dll

[2012/06/16 19:36:05 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecryptnet.dll

[2012/06/15 09:27:24 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingFreeVideoConverter

[2012/06/15 09:27:24 | 000,000,000 | ---D | C] -- C:Program Files (x86)Free Video Converter

[2012/06/15 05:30:41 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocal{17EB23C0-234B-43B5-881E-1F7D6FFA1B07}

[2012/06/15 05:18:14 | 000,000,000 | ---D | C] -- C:UsersOwnerDesktopbio

[2012/06/06 11:08:10 | 000,000,000 | ---D | C] -- C:UsersOwnerEpi Info 7

[2012/06/05 20:41:36 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsDirectVobSub

[2012/06/05 20:41:35 | 000,000,000 | ---D | C] -- C:Program FilesDirectVobSub

[2012/06/03 16:00:04 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCDC

[2012/06/03 15:59:59 | 000,000,000 | ---D | C] -- C:Program Files (x86)CDC

[2012/06/03 13:58:31 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocal{565A83B9-C726-402F-A4D8-607B91474300}

[2012/06/03 13:45:08 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFree FLV Converter

[2012/06/03 13:45:07 | 000,360,448 | ---- | C] (FLV.com) -- C:WindowsSysWow64TubeFinder.exe

[2012/06/03 13:45:06 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6FR.DLL

[2012/06/03 13:45:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64VB6STKIT.DLL

[2012/06/03 13:45:05 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MSCMCFR.DLL

[2012/06/03 13:45:05 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64PICCLP32.OCX

[2012/06/03 13:45:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64PCCLPFR.DLL

[2012/06/03 13:45:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64CMDLGFR.DLL

[2012/06/03 13:45:03 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingFreeFLVConverter

[2012/06/03 13:45:03 | 000,000,000 | ---D | C] -- C:Program Files (x86)Free FLV Converter

[2012/06/03 13:12:46 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocal{872AC25E-8C45-40EB-B332-135DB82AA106}

[2012/06/03 13:12:27 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocal{5DD5CDF9-B4E2-4CC1-896A-CBA9A700549D}

[2012/06/03 13:12:26 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocal{3E68BEAE-F337-4FA0-A8E5-16736DE55B3E}

[2012/06/03 12:56:22 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesJava

[2012/06/03 12:55:52 | 000,000,000 | ---D | C] -- C:Program Files (x86)Oracle

[2012/06/03 12:55:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:WindowsSysWow64npDeployJava1.dll

[2012/06/03 12:55:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:WindowsSysWow64javaws.exe

[2012/06/03 12:55:03 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:WindowsSysWow64javaw.exe

[2012/06/03 12:55:03 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:WindowsSysWow64java.exe

[2012/05/23 12:44:16 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

 

========== Files - Modified Within 30 Days ==========

 

[2012/06/18 12:36:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:UsersOwnerDesktopOTL.exe

[2012/06/18 12:30:17 | 000,881,475 | ---- | M] () -- C:UsersOwnerDesktopSecurityCheck.exe

[2012/06/18 12:26:03 | 000,026,192 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 12:26:03 | 000,026,192 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 12:18:52 | 000,001,094 | ---- | M] () -- C:Windows asksGoogleUpdateTaskMachineCore.job

[2012/06/18 12:18:18 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/06/18 12:18:12 | 3015,888,896 | -HS- | M] () -- C:hiberfil.sys

[2012/06/17 23:50:03 | 000,000,908 | ---- | M] () -- C:Windows asksGoogleUpdateTaskUserS-1-5-21-3969999392-1469864929-506000154-1001UA.job

[2012/06/17 23:16:11 | 000,001,098 | ---- | M] () -- C:Windows asksGoogleUpdateTaskMachineUA.job

[2012/06/17 22:34:36 | 000,726,444 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/06/17 22:34:36 | 000,624,412 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/06/17 22:34:36 | 000,106,756 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/06/17 19:50:00 | 000,000,856 | ---- | M] () -- C:Windows asksGoogleUpdateTaskUserS-1-5-21-3969999392-1469864929-506000154-1001Core.job

[2012/06/17 19:02:04 | 398,244,762 | ---- | M] () -- C:UsersOwnerDesktopVolition -- A Short Film by T Jara Morgan_(1080p).avi

[2012/06/17 18:26:41 | 000,001,125 | ---- | M] () -- C:UsersOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchFree Video Converter.lnk

[2012/06/17 18:26:41 | 000,001,101 | ---- | M] () -- C:UsersOwnerDesktopFree Video Converter.lnk

[2012/06/17 16:02:43 | 000,002,975 | ---- | M] () -- C:UsersOwnerDesktopHiJackThis.lnk

[2012/06/17 15:46:06 | 000,506,846 | ---- | M] () -- C:UsersOwnerDesktopError.jpg

[2012/06/16 22:18:57 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativewebservices.dll

[2012/06/16 22:18:32 | 000,800,256 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeusp10.dll

[2012/06/16 22:12:21 | 000,976,896 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativedui70.dll

[2012/06/16 21:46:37 | 000,415,744 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2012/06/16 19:29:43 | 000,001,841 | ---- | M] () -- C:UsersPublicDesktopavast! Free Antivirus.lnk

[2012/06/16 19:29:42 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64config.nt

[2012/06/13 19:27:42 | 581,658,850 | ---- | M] () -- C:UsersOwnerDesktopVolition -- A Short Film by T Jara Morgan_(1080p).wmv

[2012/06/13 12:10:11 | 000,000,332 | ---- | M] () -- C:Windows asksHPCeeScheduleForOwner.job

[2012/06/12 21:21:24 | 000,006,144 | ---- | M] () -- C:UsersOwnerAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/03 12:54:48 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:WindowsSysWow64javaw.exe

[2012/06/03 12:54:48 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:WindowsSysWow64java.exe

[2012/06/01 21:15:09 | 000,000,947 | ---- | M] () -- C:UsersOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchBitTorrent.lnk

[2012/06/01 21:15:09 | 000,000,923 | ---- | M] () -- C:UsersPublicDesktopBitTorrent.lnk

[2012/05/28 00:34:12 | 000,206,336 | ---- | M] () -- C:WindowsSysNativeunrar64.dll

[2012/05/24 21:18:04 | 000,000,342 | ---- | M] () -- C:Windows asksHPCeeScheduleForOWNER-HP$.job

[2012/05/23 12:44:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2012/05/23 12:44:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

 

========== Files Created - No Company Name ==========

 

[2012/06/18 12:30:13 | 000,881,475 | ---- | C] () -- C:UsersOwnerDesktopSecurityCheck.exe

[2012/06/17 18:27:38 | 398,244,762 | ---- | C] () -- C:UsersOwnerDesktopVolition -- A Short Film by T Jara Morgan_(1080p).avi

[2012/06/17 18:26:41 | 000,001,125 | ---- | C] () -- C:UsersOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchFree Video Converter.lnk

[2012/06/17 18:26:41 | 000,001,101 | ---- | C] () -- C:UsersOwnerDesktopFree Video Converter.lnk

[2012/06/17 16:02:43 | 000,002,975 | ---- | C] () -- C:UsersOwnerDesktopHiJackThis.lnk

[2012/06/17 15:46:06 | 000,506,846 | ---- | C] () -- C:UsersOwnerDesktopError.jpg

[2012/06/15 05:18:41 | 581,658,850 | ---- | C] () -- C:UsersOwnerDesktopVolition -- A Short Film by T Jara Morgan_(1080p).wmv

[2012/06/05 20:41:35 | 000,206,336 | ---- | C] () -- C:WindowsSysNativeunrar64.dll

[2012/06/03 13:45:06 | 000,208,500 | ---- | C] () -- C:WindowsSysWow64ReyXpBasics.tlb

[2012/06/03 13:45:05 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64PropertyGrid.ocx

[2012/06/03 13:45:03 | 000,024,576 | ---- | C] () -- C:WindowsSysWow64ControlSubX.ocx

[2012/06/01 21:15:09 | 000,000,947 | ---- | C] () -- C:UsersOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchBitTorrent.lnk

[2012/06/01 21:15:09 | 000,000,923 | ---- | C] () -- C:UsersPublicDesktopBitTorrent.lnk

[2012/03/28 21:09:22 | 000,006,144 | ---- | C] () -- C:UsersOwnerAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/18 15:59:54 | 000,743,534 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2012/01/17 19:43:52 | 000,066,856 | ---- | C] () -- C:WindowsSysWow64SynTPEnhPS.dll

[2011/11/17 15:05:43 | 000,508,416 | ---- | C] () -- C:WindowsSysWow64dxgi.dll

[2011/04/26 04:50:22 | 000,000,000 | ---- | C] () -- C:Windowsativpsrm.bin

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:WindowsSysWow64atipblag.dat

[2011/01/08 20:51:01 | 000,000,188 | ---- | C] () -- C:WindowsSysWow64HPWA.ini

[2010/09/24 17:41:34 | 000,007,736 | ---- | C] () -- C:WindowshpDSTRES.DLL

 

< End of report >

Share this post


Link to post
Share on other sites

Here's the results from Extra.txt:

 

 

OTL Extras logfile created on: 6/18/2012 12:38:26 PM - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:UsersOwnerDesktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 59.68% Memory free

7.49 Gb Paging File | 5.69 Gb Available in Paging File | 75.93% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 450.41 Gb Total Space | 361.03 Gb Free Space | 80.16% Space Free | Partition Type: NTFS

Drive D: | 15.05 Gb Total Space | 1.88 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

 

Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{0BF3E09C-6245-4C94-997B-6EF9755D6A8E}" = rport=138 | protocol=17 | dir=out | app=system |

"{1583BB10-F6EC-480B-96E3-3FD2A6FDBD29}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{263257DB-18DC-4640-9AF2-337DE5F5BB01}" = lport=10243 | protocol=6 | dir=in | app=system |

"{288FD601-8B04-4C51-BF2E-BC910113996B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{384A71F6-76D6-4091-BE83-289C9F9FC82F}" = lport=445 | protocol=6 | dir=in | app=system |

"{384C9B59-4C15-4DD4-9ACA-4C498EB6DC33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{3F3CC255-C9A4-4CDA-80F0-5732D04C4708}" = lport=138 | protocol=17 | dir=in | app=system |

"{40CBAD4A-DA58-4C74-88ED-392B3F3D6CFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{5081528E-6C5A-446B-BFF2-3A87F4E4440B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{520D32FD-68D0-4E43-B18C-C9A5ABAB2B0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |

"{58B7755E-A435-4A06-ABB0-1E1CDF0DE195}" = rport=139 | protocol=6 | dir=out | app=system |

"{5E8B8272-6315-4EFA-B431-6613206AAD37}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{6319CEDA-ADD3-4A19-8388-548E7C997588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{6F81F53E-D79F-4D59-89B6-CA82794A574B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe |

"{757111A2-0DD3-46DF-9022-DEBD1E76C8D9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{774C01CE-EA97-4DEE-9EE1-D66DDCCA7861}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{80DF3CAB-0172-4382-B6D5-6B984C4785A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe |

"{86ABBB34-188D-45EF-98A2-11A2CBF10DE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |

"{8B264321-1C0B-4CEC-8EBF-70D0249A9CEF}" = rport=137 | protocol=17 | dir=out | app=system |

"{8FCE226E-B1DD-4CB1-A9E6-B3333DF659E7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{922F7185-4A99-45F7-A002-89BC6B8880A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |

"{9251AE72-41A5-445B-92C8-9EF16DE0C050}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{97CDED8A-9F63-4F24-B78B-F7ACE2A9B20F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A3E65B0F-4AEF-475A-A5E6-3A3B89D6E150}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |

"{B7F4A6F2-7E98-469E-8EED-913FFEE7E8C0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{C64309AC-A042-4AA6-987B-2532131C7B1A}" = rport=445 | protocol=6 | dir=out | app=system |

"{D0BA2518-7466-41D0-A68A-CF774D79A5E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |

"{D9121D89-377D-4142-A8BB-E511E0CD5A1D}" = lport=6004 | protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14outlook.exe |

"{DEA6E03E-D2A1-4CCC-B64F-1D76C093E62F}" = lport=137 | protocol=17 | dir=in | app=system |

"{F2B2BD9A-82BD-45AB-9926-5862E2543A89}" = lport=139 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{06A13B70-1B98-41A9-BEE4-B84A9023FCAB}" = protocol=6 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{23210222-423B-4450-AF9F-5ADB64BABEA7}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |

"{48A6A7AD-8BB8-4F2A-A39F-A25A2BB6D2D5}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |

"{48D7274C-5116-4D86-AD57-8AA649F64D99}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{4CDC440D-7D42-470F-9C1A-D3B7DC7B8099}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |

"{50C68BA7-8E8A-4680-AA29-47309FB016CA}" = protocol=6 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |

"{59D8EEEC-7BFC-4A59-ADEF-3F76F57D9364}" = protocol=58 | dir=in | [email protected],-28545 |

"{5ECF8ED1-D539-449D-822C-6B39B008BF0D}" = dir=in | app=c:program files (x86)itunesitunes.exe |

"{65D9D5B5-E2EF-488D-A5FA-B3CC4F24DCB1}" = protocol=17 | dir=in | app=c:program files (x86)remote mouseserverserver.exe |

"{6ED4A591-B154-43E7-A23C-EB027C851DC0}" = protocol=6 | dir=in | app=c:program files (x86)roxioroxionow playerrnowshell.exe |

"{727D32B9-B4B4-47CC-89DD-339F78A86FFC}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |

"{731856A1-57B0-4C4D-A1C2-5E84699790E9}" = protocol=1 | dir=in | [email protected],-28543 |

"{75FE68AD-7570-4EAB-8B69-E02DF25459E7}" = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice14onenote.exe |

"{79E02FD2-3506-48C0-BF31-2FB724425E2B}" = dir=out | app=c:program files (x86)hewlett-packardhp clouddrivezumodrive.exe |

"{7DD7BD30-30A7-4963-B3E1-D01DDEE3CE80}" = protocol=17 | dir=in | app=c:program fileshphp deskjet 2000 j210 seriesbinusbsetup.exe |

"{83448142-3A48-419F-BAAC-510ADE22B05D}" = protocol=17 | dir=in | app=c:program files (x86)bittorrentbittorrent.exe |

"{835F4159-E898-4870-9748-D6C0D9C59842}" = protocol=17 | dir=in | app=c:program files (x86)research in motionblackberry desktoprim.desktop.exe |

"{90E59F40-59D7-44BE-B92D-DA6F599CE938}" = protocol=6 | dir=in | app=c:program files (x86)remote mouseserverserver.exe |

"{90EA8A39-8821-49AD-89A6-8B3DDFDF31DF}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{9130F6CA-E928-4916-8287-7ABE60BD85B6}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |

"{93530DB0-17E7-49F7-BE30-595E45C52FCF}" = protocol=17 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |

"{9B87D570-7605-4573-82B7-00C5256A23A9}" = protocol=6 | dir=in | app=c:program files (x86)bittorrentbittorrent.exe |

"{A21D2BE1-9FCF-478D-A707-7FB6AA405110}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{A466A039-41D4-42B2-8F7E-9838C0BA4320}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe |

"{A48D4682-0A69-4435-B012-3D8DBB8DA2E3}" = dir=in | app=c:program files (x86)windows livemeshmoe.exe |

"{AADA05FC-2358-41F9-B302-12D81E3DAA70}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{ABAF297A-D24C-46D5-961E-7F6BE5000B3E}" = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14onenote.exe |

"{AD6A2FE2-17A3-4760-8D22-42EEBBAEBFCE}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |

"{B10D82EB-F5AD-454C-BF46-A825A47AB66B}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{B236336F-96EC-4264-8B0F-2005B29DA013}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |

"{B27BDF99-9103-4A11-889D-E5A94434863E}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |

"{B3938608-94D3-47E8-8E69-34AB07C9332F}" = protocol=6 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |

"{B6BC7AFC-6474-4093-B323-EB06093578F2}" = protocol=6 | dir=out | app=system |

"{C2AC2D91-22F1-49BA-9B62-FEB7625645A9}" = protocol=6 | dir=in | app=c:program files (x86)hewlett-packardmediasmartroxionowrnow.exe |

"{CA19D7CD-F748-4D77-91F3-EC7FBF9AFC6C}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{CE97E21C-6A3D-4ECE-864C-96E6D696125A}" = protocol=1 | dir=out | [email protected],-28544 |

"{CFA8E204-DC22-4844-8C62-A8A8E2632602}" = protocol=17 | dir=in | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{D8977DFC-84D1-435D-9CF5-B70505D6D424}" = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14groove.exe |

"{DAACE753-AE0C-480F-9163-1717471634EA}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |

"{DB9E2717-29BE-457A-955E-DEA887DEC298}" = dir=in | app=c:program files (x86)hewlett-packardhp clouddrivezumodrive.exe |

"{E521C5B6-4F36-4176-8C85-428BA022A5C7}" = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice14groove.exe |

"{E58E4014-A0C2-4873-8F9F-701FAC6954A6}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |

"{E683D0A3-CF30-4A0A-9C2A-7F72300C1DBB}" = protocol=6 | dir=in | app=c:program files (x86)research in motionblackberry desktoprim.desktop.exe |

"{E78750D1-BFDD-4005-8B51-498744DAE389}" = protocol=6 | dir=in | app=c:program fileshphp deskjet 2000 j210 seriesbinusbsetup.exe |

"{ECAC8F2E-8145-416D-B37F-3A17134F76C9}" = protocol=17 | dir=in | app=c:program files (x86)roxioroxionow playerrnowshell.exe |

"{EE08D073-63A0-4668-96CA-DAA28EF6FE09}" = protocol=58 | dir=out | [email protected],-28546 |

"{F6B5D8D3-D0C5-4807-A3B6-428AE2694C86}" = protocol=17 | dir=in | app=c:program files (x86)hewlett-packardmediasmartroxionowrnow.exe |

"TCP Query User{5DA0AF61-A4A3-4D09-9F42-AB61F5E57138}C:windowsmicrosoft.netframeworkv2.0.50727vbc.exe" = protocol=6 | dir=in | app=c:windowsmicrosoft.netframeworkv2.0.50727vbc.exe |

"TCP Query User{B279AE28-AB68-4887-88D0-301DED1A2D1C}C:program files (x86)remote mouseserverserver.exe" = protocol=6 | dir=in | app=c:program files (x86)remote mouseserverserver.exe |

"UDP Query User{4B5938C9-210F-4182-BEF6-65593873C4FB}C:windowsmicrosoft.netframeworkv2.0.50727vbc.exe" = protocol=17 | dir=in | app=c:windowsmicrosoft.netframeworkv2.0.50727vbc.exe |

"UDP Query User{57226E39-F8FF-464F-A966-2710E604A5F3}C:program files (x86)remote mouseserverserver.exe" = protocol=17 | dir=in | app=c:program files (x86)remote mouseserverserver.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{0C3B19A3-82F4-4217-93FD-D099652AD0DE}" = HP Deskjet 2000 J210 series Basic Device Software

"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant

"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback

"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit)

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-0015-0C0A-1000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010

"{90140000-0015-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0C0A-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010

"{90140000-0016-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0C0A-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010

"{90140000-0018-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0C0A-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010

"{90140000-0019-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0C0A-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010

"{90140000-001A-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0C0A-1000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010

"{90140000-001B-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0403-1000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010

"{90140000-001F-0403-1000-0000000FF1CE}_Office14.PROPLUSR_{E8C8BA81-35B2-481B-A0D0-ED95300BEFD9}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010

"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROPLUSR_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-042D-1000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010

"{90140000-001F-042D-1000-0000000FF1CE}_Office14.PROPLUSR_{8587396B-3211-46B3-948A-0F3E9A907EBF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0456-1000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010

"{90140000-001F-0456-1000-0000000FF1CE}_Office14.PROPLUSR_{C025C688-A985-4FF1-ADA3-3E060DBCD169}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010

"{90140000-002C-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{5D1A2319-50D8-4CFB-898C-464BCDD5E463}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Spanish) 2010

"{90140000-0043-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{DFC527FE-B218-4DB9-86E8-42F9B5B4B453}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0C0A-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010

"{90140000-0044-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010

"{90140000-006E-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{F1097DCA-9E81-4ED8-B8B9-BECBA7BF48C8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0C0A-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010

"{90140000-00A1-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0C0A-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010

"{90140000-00BA-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E1E805EA-2B83-4F06-A9A5-6811B73E3B2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"EPSON Printer and Utilities" = EPSON Printer Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"vsfilter64_is1" = DirectVobSub 2.41.4986 (x64)

"WinRAR archiver" = WinRAR 4.10 (64-bit)

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display

"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common

"{191B8CBE-F735-4248-8795-B4163B15BACC}" = Epi Info 7

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 30

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52040558-EE65-4BB1-AEE4-7BEABCB71AF2}" = HP Deskjet 2000 J210 series Help

"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese

"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static

"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard

"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian

"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional

"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek

"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Español

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AEDA8713-5521-4600-9AC2-81674A9EDC4F}" = Blio

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish

"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese

"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All

"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"avast" = avast! Free Antivirus

"BitTorrent" = BitTorrent

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"DiskAid_is1" = DiskAid 5.09

"Free FLV Converter_is1" = Free FLV Converter V 7.4.0

"Free Video Converter_is1" = Free Video Converter V 3.1

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"NIS" = Norton Internet Security

"Simple Shutdown Timer1.1.2" = Simple Shutdown Timer

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite" = Windows Live Essentials

"ZumoDrive" = HP CloudDrive

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERSS-1-5-21-3969999392-1469864929-506000154-1001SOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 6/8/2012 1:02:03 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3385

 

Error - 6/8/2012 1:02:04 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 6/8/2012 1:02:04 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4508

 

Error - 6/8/2012 1:02:04 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4508

 

Error - 6/9/2012 12:30:08 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 6/9/2012 12:30:08 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 41288722

 

Error - 6/9/2012 12:30:08 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 41288722

 

Error - 6/9/2012 12:30:09 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 6/9/2012 12:30:09 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 41289751

 

Error - 6/9/2012 12:30:09 AM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 41289751

 

[ Hewlett-Packard Events ]

Error - 1/16/2012 8:28:35 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 1/16/2012 8:28:36 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 1/16/2012 8:28:36 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 1/16/2012 8:29:08 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 3/20/2012 9:47:12 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 3/20/2012 9:48:09 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 4/8/2012 4:05:44 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 5/8/2012 8:30:49 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 5/15/2012 6:29:58 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 5/22/2012 6:42:25 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000

Description =

 

[ HP Software Framework Events ]

Error - 5/16/2012 11:15:00 AM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/05/16 10:15:00.449|00000684|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 5/22/2012 6:41:50 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/05/22 17:41:50.631|00000CA8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 5/30/2012 10:31:13 AM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/05/30 09:31:13.634|00000DA0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 5/30/2012 10:33:03 AM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/05/30 09:33:03.723|000018DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/5/2012 6:50:20 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/05 17:50:20.924|000015C0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/5/2012 6:58:02 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/05 17:58:02.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/5/2012 6:58:05 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/05 17:58:05.510|00000900|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/5/2012 6:58:10 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/05 17:58:10.432|00000C6C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/12/2012 6:50:51 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/12 17:50:51.247|00001888|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 6/17/2012 2:52:09 PM | Computer Name = Owner-HP | Source = CaslWmi | ID = 5

Description = 2012/06/17 13:52:09.818|000003F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

[ HP Wireless Assistant Events ]

Error - 5/18/2011 2:53:29 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:53:34 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:53:39 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:53:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:54:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:55:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:56:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:57:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:58:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/18/2011 2:59:44 AM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

[ System Events ]

Error - 5/21/2012 3:57:38 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx64 SymIRON

 

Error - 5/21/2012 3:58:35 PM | Computer Name = Owner-HP | Source = DCOM | ID = 10016

Description =

 

Error - 5/23/2012 1:37:31 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx64 SymIRON

 

Error - 5/23/2012 1:38:31 PM | Computer Name = Owner-HP | Source = DCOM | ID = 10016

Description =

 

Error - 5/23/2012 6:38:45 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx64 SymIRON

 

Error - 5/23/2012 6:39:46 PM | Computer Name = Owner-HP | Source = DCOM | ID = 10016

Description =

 

Error - 5/24/2012 1:08:50 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx64 SymIRON

 

Error - 5/24/2012 1:12:09 AM | Computer Name = Owner-HP | Source = DCOM | ID = 10016

Description =

 

Error - 5/24/2012 9:43:03 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BHDrvx64 SymIRON

 

Error - 5/24/2012 9:44:03 PM | Computer Name = Owner-HP | Source = DCOM | ID = 10016

Description =

 

 

< End of report >

 

Thanks for your help

Share this post


Link to post
Share on other sites

Hi. :)

 

Dakeyras thank you! I aprecciate your help

You're welcome and thanks for the update also...

 

I see Norton Internet Security is installed and partially active. Can you confirm if the subscription has expired or not? As having two Anti-Virus applications installed can lead too a myriad of problems and actually lesson overall online security for example.

 

If this is the case do not attempt to uninstall it yourself as it is best done via a specific removal tool rather than via using the uninstaller in Programs and Features.

 

Peer to Peer Advice:

 

BitTorrent is currently installed...

 

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.

Criminals have "planted" thousands upon thousands of infections in the "free" shared files.

Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

 

My advice would be to uninstall the aforementioned. However if you opt not to please refrain from using it during the course of the malware removal process.

 

Next:

 

Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update this in due course.

 

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

 

JavaFX 2.1.0 <-- No need for this unless you actually create RIA(rich internet applications).

Java™ 7 Update 4

Java™ 6 Update 30

Java™ 6 Update 22 (64-bit)

 

To do so click once on each of the above to highlight then click on Uninstall and follow the prompts.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:WINDOWSERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

Reset Windows 7 Firewall:

 

Click on Start(Windows 7 Orb) >> Control Panel >> Windows Firewall

 

Now click click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

 

Next:

 

Let myself know when completed the above and answer my query regarding Norton Internet Security and we will go from there, thank you.

Share this post


Link to post
Share on other sites

Thanks for the reply Dakeyras. I completed all of the above (Uninstall Java Installations, Backup the Registry and reset Windows 7 Firewall). I couldn't confirm if the subcription to Norton Internet security expired or not, i couldn´t open the program i don't know why, i think that it is expired because it came with the laptop pre-installed and i remember that it has a 30 day subscription, I didn't uninstalled it as you said not to by the uninstaller in Programs and Features. Looking forward for your response.

Share this post


Link to post
Share on other sites

Hi. :)

 

I couldn't confirm if the subcription to Norton Internet security expired or not, i couldn´t open the program i don't know why, i think that it is expired because it came with the laptop pre-installed and i remember that it has a 30 day subscription

OK fair play. A lot of vendors tend to ship new machines with some form of trial based Anti-Virus installed, we can deal with this shortly.

 

Btw sorry for my bad english. :)

No need to apologise and I can understand what you mean just fine. :tup:

 

Anyway lets proceed as follows shall we...

 

Norton/Symantec RT:

 

Please download the Norton Removal Tool and Save it to your Desktop.

  • Close all programs and right-click on Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your Desktop.
Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands

[CreateRestorePoint]

 

:OTL

IE:64bit: - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

IE - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

IE - HKUS-1-5-21-3969999392-1469864929-506000154-1001..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37IPSFFPlgn [2011/10/10 00:03:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37coFFPlgn [2011/10/10 00:03:33 | 000,000,000 | ---D | M]

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37IPSBHO.dll (Symantec Corporation)

O3 - HKLM..Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll (Symantec Corporation)

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerms-help - No CLSID value found

[2012/06/17 16:02:43 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/06/17 16:02:43 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/06/17 16:02:43 | 000,002,975 | ---- | C] () -- C:UsersOwnerDesktopHiJackThis.lnk

 

:Files

ipconfig /flushdns /c

C:ProgramDataNorton

C:Program Files (x86)Norton Internet Security

 

:Commands

[ResetHosts]

[EmptyTemp]

[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

Next:

 

Please download Malwarebytes' Anti-Malware to your Desktop.

  • Right-click on mbam-setup-1.61.0.1400.exe and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

Share this post


Link to post
Share on other sites

My computer is still showing the Bad Image Error, Internet Explorer keeps showing a blank page. Ihad to run OTL twice because the first time almost at the finish of the fix it didn't respond so i had to reset the machine. The second time went fine here´s the result:

 

 

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{2fa28606-de77-4029-af96-b231e3b8f827} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2fa28606-de77-4029-af96-b231e3b8f827} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{2fa28606-de77-4029-af96-b231e3b8f827} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2fa28606-de77-4029-af96-b231e3b8f827} not found.

Registry key HKEY_USERSS-1-5-21-3969999392-1469864929-506000154-1001SoftwareMicrosoftInternet ExplorerSearchScopes{2fa28606-de77-4029-af96-b231e3b8f827} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2fa28606-de77-4029-af96-b231e3b8f827} not found.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37IPSFFPlgn not found.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37coFFPlgn not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} not found.

File C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6D53EC84-6AAE-4787-AEEE-F4628F01010C} not found.

File C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37IPSBHO.dll not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

File C:Program Files (x86)Norton Internet SecurityEngine18.1.0.37CoIEPlg.dll not found.

Registry value HKEY_USERSS-1-5-19SoftwareMicrosoftWindowsCurrentVersionRunOncemctadmin not found.

Registry value HKEY_USERSS-1-5-20SoftwareMicrosoftWindowsCurrentVersionRunOncemctadmin not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerlivecall not found.

File ProtocolHandlerlivecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlermsnim not found.

File ProtocolHandlermsnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerskype4com not found.

File ProtocolHandlerskype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerskype-ie-addon-data not found.

File ProtocolHandlerskype-ie-addon-data - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlmailhtml not found.

File ProtocolHandlerwlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlpg not found.

File ProtocolHandlerwlpg - No CLSID value found not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerms-help not found.

File ProtocolHandlerms-help - No CLSID value found not found.

Folder C:Program Files (x86)Trend Micro not found.

Folder C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis not found.

File C:UsersOwnerDesktopHiJackThis.lnk not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:UsersOwnerDesktopcmd.bat deleted successfully.

C:UsersOwnerDesktopcmd.txt deleted successfully.

FileFolder C:ProgramDataNorton not found.

FileFolder C:Program Files (x86)Norton Internet Security not found.

========== COMMANDS ==========

C:WindowsSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Owner

->Temp folder emptied: 99604 bytes

->Temporary Internet Files folder emptied: 37294 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 7282653 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3426 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 0 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalLowSunJavaDeployment folder emptied: 0 bytes

RecycleBin emptied: 920096 bytes

 

Total Files Cleaned = 8.00 mb

 

 

OTL by OldTimer - Version 3.2.49.0 log created on 06192012_105126

 

FilesFolders moved on Reboot...

C:UsersOwnerAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

File move failed. C:Windows emp_avast_Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Here are the results from Malwarebytes Anti-Malware Log:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Database version: v2012.06.19.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-HP [administrator]

 

6/19/2012 11:13:01 AM

mbam-log-2012-06-19 (11-13-01).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224456

Time elapsed: 3 minute(s), 2 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Thank you

Share this post


Link to post
Share on other sites

Hi. :)

 

I am beginning to suspect your problems may not actually be malware related but actually with the iTunes application itself.

 

Have you updated this recently and or connected anything to your machine that required iTunes to be downloaded/installed?

 

In the meantime carry out the below for me please...

 

Reset Internet Explorer:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with Internet Explorer.
  • Next time IE is launched you will be prompted to reapply settings again, this is normal.
Note: Any add-ons will require to be reapplied after the above reset.

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:Program Files (x86)/ESET/ESET Online Scannerlog.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Share this post


Link to post
Share on other sites

I thought that it could be related to the iTunes applicaciont itself. But the system doesn´t only show me Bad Image Errors for iTunes, it also shows Bad Image errors from HP software. I did the reset on Internet Explorer but it still the same. It keeps showing a blank page and in the bottom a message is displayed saying "A problem displaying google.com causes IE to refresh the webpage using Compatibility View" never happened before this problems started. I also noticed that i can´t change the time or date of my sistem or go to the notification center, i try to open them but nothing happens. All of these error started all at the same time. I forgot to mention that all of these error started after a blue screen of death appeared and the system had to restore itself, it never happened before. These are the reasons that made me think that it may be caused by a virus, malware, etc. Or maybe the integrity of Windows 7 had been compromised. Thanks for the patience that you're having with my computer problem Dakeyras.

 

This is the results from ESET Online Scanner:

 

 

[email protected] as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7b9c7f99715a1489b39014cf09c2012

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-20 02:09:43

# local_time=2012-06-19 09:09:43 (-0500, SA Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 91694804 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=141977

# found=0

# cleaned=0

# scan_time=6829

Share this post


Link to post
Share on other sites

Hi. :)

 

My apologies for the delay on my behalf....

 

OK I honestly do not think your machine's problems are actually malware related at all. From what you have described a further review of the the actual OTL extra's log it appears the root cause may be to do with some of the HP software installed that is corrupted/damaged and in turn having the knock on effect that is the cause of all these various issues your machine currently has.

 

Specifically both the HP Support Assistant and HP Software Framework applications for example, though I may be incorrect about this.

 

Next:

 

Anyway as it stands I am sorry to say I will not be able to assist you further as my area of online support/expertise if you will, is solely malware removal not IT tech support etc.

 

So my best advice would be consider invoking your machines Recovery Partition to perform what is known as a Factory Reset which is defacto a reinstallation of the Windows Operating System and start over.

 

Or you could seek further assistance with the excellent Tech Staff we have here in PC Pitstop via creating a new topic in this part of the forum:-

 

User to User Help

 

By all means if you opt for continued assistance in the aforementioned part of the forum, mention I advised you do so and provide a link back to this topic if you so wish.

 

This topics URL:-

 

http://forums.pcpitstop.com/index.php?/topic/199154-bad-image-error-win7/

Next:

 

Let myself know which course of action you plan to undertake, thank you.

Share this post


Link to post
Share on other sites

You're most welcome!

 

--------------

 

Since this issue will be resolved via a Factory Reset... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...