Jump to content

Recommended Posts

Posted

Hi all,

 

I've had this "conduit.com" on the computer for a while now and this morning googl'd it, it appears it is something you don't want so I tried using "Spy Hunter" this scanned for a couple of hours then announced that to remove all 758 listed threats I would have to purchase Spy Hunter.

 

The question is, is there something I can use which is free and will work as opposed to those mentioned below.

 

I should also mention that last week I ran full scans using Avast (free) and Super Anti Spyware which showed virtually nothing including conduit.com.

 

Any ideas?

 

Thanks in advance.

slab288

  • Replies 23
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted

Hi Conduit is adware and gets bundled with a lot of stuff could you follow the below instructions this should take care of it.

 

Step 1

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Please post the JRT.txt and the AdwCleaner report in your next post.

Both of these programs are optimized to run in normal mode, but can be run in safe mode if you have problems.

 

Many Thanks

 

Armageddon

Google is your friend

 

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

 

 

Posted

Hi Armageddon and thanks for the reply,

 

When you say "Shut down your protection software now to avoid potential conflicts" I assume you mean both Avast & Super Anti Spyware? If yes I'm not sure how to so I'm about to run the scan anyways see what happens.

 

slab288

Posted

I'm not sure if I'm doing something wrong but it started checking and doing it's thing then froze to the point I had to switch OFF at the on/off switch as opposed to shutting down in the normal controlled way. It started up in safe mode then I had more than a few small windows opening saying "can't load tscui.exe as scf.dll is missing".

 

slab288

Posted

This time it worked fine and here is the jrt.txt: -

 

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Home Premium x64

Ran by angela on 27/10/2013 at 13:44:09.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\apnupdater

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data

========================================================================================

BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angela\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

 

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 27/10/2013 at 13:54:18.99

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I'll now download Adw Cleaner and continue will post that logfile asap........the laptop is certainly much faster now.

 

slab288

Posted

Here is the Awd Cleaner Logfile: -

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 14:10:18

# Updated 20/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : angela - ANGELA-HP

# Running from : C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7GYAG4U\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect

Folder Deleted : C:\Program Files (x86)\Installl_Converter

Folder Deleted : C:\Users\angela\AppData\LocalLow\Installl_Converter

Folder Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{441DDAAE-EE81-4DFF-B523-11D1A9134C3E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{709CA6FC-5747-4C3C-A4B0-064AC86415ED}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0ED92D65-C964-4537-8A38-334109E95298}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA93826B-8DCE-40C3-9E31-07E449C0A979}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ED92D65-C964-4537-8A38-334109E95298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{680325E1-5225-49E1-ACDE-9CE775E1C2E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0468E7CD-9DE0-4E48-BE2F-C7E3CB79CE9D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7F92EE0-730E-4407-9ED7-9078D09F4438}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB54B409-B8A4-4489-8EE4-84F2E344B4EC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FD3DD56-C86F-4A97-B1B1-DD4B8DCB1B26}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC74131-08B2-4F67-A9BC-5914EF1EDB97}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Deleted : HKCU\Software\AppDataLow\Software\Installl_Converter

Key Deleted : HKLM\Software\DVDVideoSoftTB

Key Deleted : HKLM\Software\Installl_Converter

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

 

-\\ Google Chrome v

[ File : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

Deleted : keyword

*************************

AdwCleaner[R0].txt - [5909 octets] - [27/10/2013 14:07:22]

AdwCleaner[s0].txt - [5177 octets] - [27/10/2013 14:10:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5237 octets] ##########

Posted

Hi Slab288,

 

Running from : C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7GYAG4U\AdwCleaner.exe

It's not advisable to run programs from the Temp Internet files.

This normally happens when you click on Run instead of clicking on Save from the download.

Always save the download and then run from the Desktop or the Download folder.

If we clean the Temp files, any download will also be removed.

 

In removing this Adware is quite possible that there will now be some orphan entries in the registry.

We should check this and clean them up.

This will also enable us to check the Run entries for any possible suspicious entries.

 

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit:

Both reports from Otl.

 

 

Thanks.

Member of:

UNITE

Posted

I hope this is what you asked for, this is the first as both together was too big and it wouldn't allow me to post both in the same post: -

 

OTL logfile created on: 10/27/2013 3:17:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angela\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free

15.49 Gb Paging File | 13.33 Gb Available in Paging File | 86.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 217.21 Gb Total Space | 148.66 Gb Free Space | 68.44% Space Free | Partition Type: NTFS

Drive D: | 15.38 Gb Total Space | 2.22 Gb Free Space | 14.40% Space Free | Partition Type: NTFS

 

Computer Name: ANGELA-HP | User Name: angela | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/10/27 15:16:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angela\Downloads\OTL.scr

PRC - [2013/10/20 08:32:50 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe

PRC - [2013/10/19 14:13:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/19 14:13:50 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2013/10/12 08:46:53 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll

MOD - [2013/10/12 08:45:54 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll

MOD - [2013/10/12 08:45:22 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll

MOD - [2013/10/12 08:45:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll

MOD - [2013/09/13 06:50:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

MOD - [2013/08/16 08:06:13 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll

MOD - [2013/08/16 07:48:35 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll

MOD - [2013/08/16 07:40:55 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll

MOD - [2013/08/16 07:39:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

MOD - [2013/07/12 08:05:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll

MOD - [2013/07/12 08:01:02 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2012/12/19 19:15:20 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/05/19 17:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/05/19 17:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/05/19 17:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2010/02/10 01:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2010/02/10 01:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2010/02/10 01:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2010/02/10 01:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2010/02/10 01:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2010/02/10 01:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2010/02/10 01:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2010/02/10 01:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/10/19 14:13:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/07/11 18:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2010/06/18 23:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 16:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/11/18 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2013/10/08 22:18:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/04/03 23:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2013/10/19 14:13:52 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/10/19 14:13:52 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/10/19 14:13:52 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/10/19 14:13:52 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/10/19 14:13:52 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/10/19 14:13:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/10/19 14:13:52 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/10/19 14:13:52 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/03/06 23:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/10/30 22:12:52 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/06/17 17:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/17 16:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/23 01:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/28 12:34:32 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2010/01/28 12:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010/01/28 12:34:32 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)

DRV:64bit: - [2009/12/22 09:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/08/24 01:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{3A1B9AA9-A90A-42E1-92EA-CC3C0811CFCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{AE42C990-22DD-49E1-A235-123FF3B408F4}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{3A1B9AA9-A90A-42E1-92EA-CC3C0811CFCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_en-GB

IE - HKCU\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\60F88815F26D4ED888E619D4715A098B: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/27 19:18:32 | 000,000,000 | ---D | M]

 

[2012/12/28 20:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 

========== Chrome ==========

 

CHR - default_search_provider: blekko (Enabled)

CHR - default_search_provider: search_url = http://www.google.com

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\pdf.dll

CHR - plugin: CTB Dynamic Link Library (Enabled) = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj\1.0_0\ctb.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Coupon Matcher = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.9_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Gmail = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe (O2)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angela\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun File not found

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235" File not found

O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235" File not found

O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)

O4 - Startup: C:\Users\angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab (GMNRev Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068DD17E-20EB-4414-B6BB-D41FB5D10BCE}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/10/27 09:44:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell - "" = AutoRun

O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/10/27 14:07:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/27 13:03:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/10/27 11:27:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/10/27 09:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2013/10/25 09:38:38 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/10/25 09:38:38 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/10/20 08:32:21 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Roaming\AVAST Software

[2013/10/19 14:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

[2013/10/12 11:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2013/10/12 11:12:10 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Apps

[2013/10/12 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Deployment

[2013/10/11 22:13:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/10/11 22:13:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/10/11 22:13:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/10/11 22:13:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/10/11 22:13:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/10/11 22:13:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/10/11 22:13:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/10/11 22:13:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/10/11 22:13:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/10/11 22:13:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/10/11 22:13:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/10/11 22:13:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/10/11 22:13:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/10/11 22:13:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/10/11 22:13:05 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/10/11 07:46:15 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/10/11 07:46:12 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/10/11 07:46:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/10/11 07:46:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/10/11 07:46:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/10/11 07:46:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/10/11 07:46:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll

[2013/10/11 07:46:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/10/11 07:46:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll

[2013/10/11 07:44:59 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2013/10/11 07:44:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/10/11 07:44:50 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys

[2013/10/11 07:44:33 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/10/11 07:44:31 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2013/10/11 07:44:29 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/10/11 07:44:28 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/10/11 07:44:28 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2013/10/11 07:44:27 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2013/10/11 07:44:26 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/10/11 07:44:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/10/11 07:44:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/10/11 07:44:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/10/11 07:44:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/10/11 07:44:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/10/11 07:44:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/10/11 07:44:16 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/10/11 07:44:16 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/10/11 07:43:50 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll

[2013/10/09 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Programs

[2013/10/04 20:35:40 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/10/04 20:35:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/10/04 20:35:23 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/10/04 20:35:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/10/04 20:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\angela\Documents\*.tmp files -> C:\Users\angela\Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/10/27 15:12:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/27 14:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/27 14:20:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/10/27 14:20:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/10/27 14:17:17 | 000,733,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/10/27 14:17:17 | 000,633,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/10/27 14:17:17 | 000,113,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/10/27 14:12:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/27 14:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/27 14:11:52 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/27 12:52:57 | 000,012,720 | ---- | M] () -- C:\Users\angela\AppData\Roaming\wklnhst.dat

[2013/10/27 09:44:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2013/10/26 17:51:30 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForangela.job

[2013/10/23 12:20:41 | 002,973,360 | ---- | M] () -- C:\Users\angela\Documents\108849.pdf

[2013/10/21 21:42:36 | 000,510,809 | ---- | M] () -- C:\Users\angela\Documents\Nitecore EC25.pdf

[2013/10/19 14:14:26 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/10/19 14:13:52 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/10/19 14:13:52 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/10/19 14:13:52 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013/10/19 14:13:52 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/10/19 14:13:52 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/10/19 14:13:52 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/10/19 14:13:52 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/10/19 14:13:52 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013/10/19 14:13:52 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/10/19 14:13:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/10/19 13:23:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/10/12 08:30:05 | 000,416,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/09 21:47:32 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/10/08 22:18:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/08 22:18:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/10/04 20:35:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/10/04 20:35:15 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/10/04 20:35:15 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/10/04 20:35:15 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/10/04 20:35:14 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/10/04 20:35:14 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\angela\Documents\*.tmp files -> C:\Users\angela\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/10/27 09:44:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2013/10/23 12:20:35 | 002,973,360 | ---- | C] () -- C:\Users\angela\Documents\108849.pdf

[2013/10/21 21:42:35 | 000,510,809 | ---- | C] () -- C:\Users\angela\Documents\Nitecore EC25.pdf

[2013/10/12 11:12:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/12 11:12:48 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/09 21:47:32 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2012/12/29 12:15:34 | 000,012,720 | ---- | C] () -- C:\Users\angela\AppData\Roaming\wklnhst.dat

[2012/12/29 12:03:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/10/27 09:44:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2013/10/27 14:11:52 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/28 17:03:02 | 000,001,104 | ---- | M] () -- C:\NetworkCfg.xml

[2013/10/27 14:11:57 | 4021,186,559 | -HS- | M] () -- C:\pagefile.sys

[2012/11/06 20:31:56 | 000,002,530 | ---- | M] () -- C:\RHDSetup.log

[2012/10/30 22:11:54 | 000,000,185 | ---- | M] () -- C:\setup.log

[2012/10/30 22:14:52 | 000,000,085 | ---- | M] () -- C:\SYNTPAD.LOG

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

< End of report >

 

slab288

Posted

And here is the second report: -

 

OTL logfile created on: 10/27/2013 3:17:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angela\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free

15.49 Gb Paging File | 13.33 Gb Available in Paging File | 86.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 217.21 Gb Total Space | 148.66 Gb Free Space | 68.44% Space Free | Partition Type: NTFS

Drive D: | 15.38 Gb Total Space | 2.22 Gb Free Space | 14.40% Space Free | Partition Type: NTFS

 

Computer Name: ANGELA-HP | User Name: angela | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/10/27 15:16:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angela\Downloads\OTL.scr

PRC - [2013/10/20 08:32:50 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe

PRC - [2013/10/19 14:13:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/04/23 19:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/19 14:13:50 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2013/10/12 08:46:53 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll

MOD - [2013/10/12 08:45:54 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll

MOD - [2013/10/12 08:45:22 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll

MOD - [2013/10/12 08:45:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll

MOD - [2013/09/13 06:50:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

MOD - [2013/08/16 08:06:13 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll

MOD - [2013/08/16 07:48:35 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll

MOD - [2013/08/16 07:40:55 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll

MOD - [2013/08/16 07:39:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

MOD - [2013/07/12 08:05:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll

MOD - [2013/07/12 08:01:02 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2012/12/19 19:15:20 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/05/19 17:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/05/19 17:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/05/19 17:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2010/02/10 01:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2010/02/10 01:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2010/02/10 01:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2010/02/10 01:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2010/02/10 01:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2010/02/10 01:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2010/02/10 01:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2010/02/10 01:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/10/19 14:13:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/07/11 18:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2010/06/18 23:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 16:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/11/18 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2013/10/08 22:18:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/04/03 23:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2013/10/19 14:13:52 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/10/19 14:13:52 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/10/19 14:13:52 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/10/19 14:13:52 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/10/19 14:13:52 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/10/19 14:13:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/10/19 14:13:52 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/10/19 14:13:52 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/03/06 23:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/10/30 22:12:52 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/06/17 17:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/17 16:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/23 01:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/28 12:34:32 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2010/01/28 12:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010/01/28 12:34:32 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)

DRV:64bit: - [2009/12/22 09:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/08/24 01:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{3A1B9AA9-A90A-42E1-92EA-CC3C0811CFCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{AE42C990-22DD-49E1-A235-123FF3B408F4}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{3A1B9AA9-A90A-42E1-92EA-CC3C0811CFCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_en-GB

IE - HKCU\..\SearchScopes\{D34D0FF5-C0C0-4652-AFB9-FDF40317F68B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\60F88815F26D4ED888E619D4715A098B: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/27 19:18:32 | 000,000,000 | ---D | M]

 

[2012/12/28 20:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 

========== Chrome ==========

 

CHR - default_search_provider: blekko (Enabled)

CHR - default_search_provider: search_url = http://www.google.com

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\pdf.dll

CHR - plugin: CTB Dynamic Link Library (Enabled) = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj\1.0_0\ctb.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Coupon Matcher = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.9_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Gmail = C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe (O2)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angela\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun File not found

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235" File not found

O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235" File not found

O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)

O4 - Startup: C:\Users\angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab (GMNRev Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068DD17E-20EB-4414-B6BB-D41FB5D10BCE}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/10/27 09:44:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell - "" = AutoRun

O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell - "" = AutoRun

O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/10/27 14:07:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/27 13:03:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/10/27 11:27:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/10/27 09:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2013/10/25 09:38:38 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/10/25 09:38:38 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/10/20 08:32:21 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Roaming\AVAST Software

[2013/10/19 14:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

[2013/10/12 11:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2013/10/12 11:12:10 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Apps

[2013/10/12 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Deployment

[2013/10/11 22:13:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/10/11 22:13:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/10/11 22:13:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/10/11 22:13:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/10/11 22:13:11 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/10/11 22:13:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/10/11 22:13:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/10/11 22:13:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/10/11 22:13:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/10/11 22:13:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/10/11 22:13:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/10/11 22:13:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/10/11 22:13:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/10/11 22:13:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/10/11 22:13:05 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/10/11 07:46:15 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/10/11 07:46:12 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/10/11 07:46:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/10/11 07:46:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/10/11 07:46:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/10/11 07:46:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/10/11 07:46:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll

[2013/10/11 07:46:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/10/11 07:46:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll

[2013/10/11 07:44:59 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2013/10/11 07:44:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/10/11 07:44:50 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys

[2013/10/11 07:44:33 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/10/11 07:44:31 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2013/10/11 07:44:29 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/10/11 07:44:28 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/10/11 07:44:28 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2013/10/11 07:44:27 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2013/10/11 07:44:26 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/10/11 07:44:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/10/11 07:44:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/10/11 07:44:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/10/11 07:44:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/10/11 07:44:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/10/11 07:44:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/10/11 07:44:16 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/10/11 07:44:16 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/10/11 07:43:50 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll

[2013/10/09 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\angela\AppData\Local\Programs

[2013/10/04 20:35:40 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/10/04 20:35:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/10/04 20:35:23 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/10/04 20:35:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/10/04 20:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\angela\Documents\*.tmp files -> C:\Users\angela\Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/10/27 15:12:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/27 14:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/27 14:20:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/10/27 14:20:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/10/27 14:17:17 | 000,733,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/10/27 14:17:17 | 000,633,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/10/27 14:17:17 | 000,113,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/10/27 14:12:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/27 14:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/27 14:11:52 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/27 12:52:57 | 000,012,720 | ---- | M] () -- C:\Users\angela\AppData\Roaming\wklnhst.dat

[2013/10/27 09:44:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2013/10/26 17:51:30 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForangela.job

[2013/10/23 12:20:41 | 002,973,360 | ---- | M] () -- C:\Users\angela\Documents\108849.pdf

[2013/10/21 21:42:36 | 000,510,809 | ---- | M] () -- C:\Users\angela\Documents\Nitecore EC25.pdf

[2013/10/19 14:14:26 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/10/19 14:13:52 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/10/19 14:13:52 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/10/19 14:13:52 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013/10/19 14:13:52 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/10/19 14:13:52 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/10/19 14:13:52 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/10/19 14:13:52 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/10/19 14:13:52 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013/10/19 14:13:52 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/10/19 14:13:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/10/19 13:23:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/10/12 08:30:05 | 000,416,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/09 21:47:32 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/10/08 22:18:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/08 22:18:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/10/04 20:35:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/10/04 20:35:15 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/10/04 20:35:15 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/10/04 20:35:15 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/10/04 20:35:14 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/10/04 20:35:14 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\angela\Documents\*.tmp files -> C:\Users\angela\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/10/27 09:44:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2013/10/23 12:20:35 | 002,973,360 | ---- | C] () -- C:\Users\angela\Documents\108849.pdf

[2013/10/21 21:42:35 | 000,510,809 | ---- | C] () -- C:\Users\angela\Documents\Nitecore EC25.pdf

[2013/10/12 11:12:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/12 11:12:48 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/09 21:47:32 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2012/12/29 12:15:34 | 000,012,720 | ---- | C] () -- C:\Users\angela\AppData\Roaming\wklnhst.dat

[2012/12/29 12:03:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/10/27 09:44:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2013/10/27 14:11:52 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/28 17:03:02 | 000,001,104 | ---- | M] () -- C:\NetworkCfg.xml

[2013/10/27 14:11:57 | 4021,186,559 | -HS- | M] () -- C:\pagefile.sys

[2012/11/06 20:31:56 | 000,002,530 | ---- | M] () -- C:\RHDSetup.log

[2012/10/30 22:11:54 | 000,000,185 | ---- | M] () -- C:\setup.log

[2012/10/30 22:14:52 | 000,000,085 | ---- | M] () -- C:\SYNTPAD.LOG

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 22:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)

< End of report >

 

slab288

Posted

Hi slab288,

 

The main Otl report was posted twice, instead of the main.txt and the extras.txt.

You should be able to find a copy of the extras.txt here:

C:\Users\angela\Downloads

 

There are a couple of things i need to check in the extras.txt.

 

Thanks

Member of:

UNITE

Posted (edited)

Sorry about that here is the Extras report as requested: -

 

OTL Extras logfile created on: 10/27/2013 3:17:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angela\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free

15.49 Gb Paging File | 13.33 Gb Available in Paging File | 86.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 217.21 Gb Total Space | 148.66 Gb Free Space | 68.44% Space Free | Partition Type: NTFS

Drive D: | 15.38 Gb Total Space | 2.22 Gb Free Space | 14.40% Space Free | Partition Type: NTFS

 

Computer Name: ANGELA-HP | User Name: angela | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{046530D9-1133-45E1-958B-430E69A27C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8EDD6067-6BEA-4CBD-904D-4982A05CF670}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AC8AF6B6-7CAC-4C60-9469-682DE5911EEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C4B94BC2-200E-4152-9373-13D08225F8E9}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3FC049AB-3F1A-4066-A1E4-CCD2657AD60F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{4773A11B-CB9A-451A-845C-FCADEB1EF61E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{633C4051-8547-491D-A659-264168DE7915}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{7B096269-7CCA-4CAD-B082-E48E15141659}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |

"{864483D9-F636-4717-828D-D52A0BF772CC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{8CB2945B-B593-45CA-AE37-500DF5B285C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{9FA4AF83-8FEF-4B78-9832-09C86A61C984}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |

"{C6F821EE-D226-4E7F-8635-CBBBBC5CA8E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{D97E7F9A-4EF9-4E7D-92F9-8A6CB094BC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

"{E6801714-BCB7-47E5-B126-5A7B56AAF071}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

"TCP Query User{AA61F935-B134-497D-940E-556830A37D06}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{61D2A3D2-BAE5-4D93-BD6D-6AA49FB8F464}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ZTE USB Driver" = ZTE USB Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai

"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20C44F68-5CC1-4EF2-AC9F-744166861406}" = O2 Connection Manager

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding

"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR

"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional

"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation

"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager

"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1

"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2

"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese

"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework

"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English

"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All

"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Standard 9

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian

"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"avast" = avast! Free Antivirus

"Coupon Matcher" = Coupon Matcher

"CouponMatcher" = CouponMatcher

"EasyBits Magic Desktop" = Magic Desktop

"EPSON Scanner" = EPSON Scan

"EPSON SX235 Series Netg" = Network Guide EPSON SX235 Series

"EPSON SX235 Series Useg" = User's Guide EPSON SX235 Series

"HP Photo Creations" = HP Photo Creations

"Huawei Modems" = Huawei modem

"IECT3299872" = Installl Converter Toolbar for IE

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"My HP Game Console" = HP Game Console

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PictureIt_v9" = Microsoft Picture It! Photo Standard 9

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"Works2004Setup" = Microsoft Works 2004 Setup Launcher

"WT087328" = Blackhawk Striker 2

"WT087342" = Dora's Carnival Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087374" = Jewel Quest - Heritage

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087420" = Agatha Christie - Death on the Nile

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087513" = Virtual Villagers - The Secret City

"WT087533" = Zuma Deluxe

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FoxTab Video Converter" = FoxTab Video Converter

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/27/2013 10:19:36 AM | Computer Name = angela-HP | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 10.0.9200.16720 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1224 Start

Time: 01ced31f806ee0fd Termination Time: 31 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id: c79e8b95-3f12-11e3-b2f3-6431505308bb

 

[ Hewlett-Packard Events ]

Error - 11/13/2012 2:31:56 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 11/20/2012 3:45:01 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1786

Ram

Utilization: 80 TargetSite: Void loadXML()

 

Error - 11/20/2012 3:46:13 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 11/28/2012 4:53:37 AM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:18 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:18 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:18 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:18 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:18 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

Error - 12/18/2012 2:09:29 PM | Computer Name = angela-HP | Source = HPSF.exe | ID = 4000

Description =

 

[ HP Wireless Assistant Events ]

Error - 7/1/2013 4:45:40 AM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 7/21/2013 3:54:03 AM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1

radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 8/2/2013 6:57:12 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC

server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()

at System.Management.ManagementEven****cher.Stop() at System.Management.ManagementEven****cher.Finalize()

 

Error - 8/13/2013 11:53:54 AM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC

server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()

at System.Management.ManagementEven****cher.Stop() at System.Management.ManagementEven****cher.Finalize()

 

Error - 8/27/2013 12:56:18 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 8/27/2013 3:59:19 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC

server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()

at System.Management.ManagementEven****cher.Stop() at System.Management.ManagementEven****cher.Finalize()

 

Error - 9/22/2013 6:48:02 AM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 9/22/2013 4:31:32 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC

server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()

at System.Management.ManagementEven****cher.Stop() at System.Management.ManagementEven****cher.Finalize()

 

Error - 10/9/2013 3:27:56 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 10/19/2013 5:07:24 PM | Computer Name = angela-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC

server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()

at System.Management.ManagementEven****cher.Stop() at hpCASL.d.Dispose() at

hpCASL.d.Finalize()

 

 

< End of report >

Edited by slab288
Posted
Sorry about that

Don't worry, it happens more often than you'd think. :)

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section )

:otl
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angela\AppData\Local\Conduit\BackgroundC ontainer\BackgroundContainer.dll",DllRun File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun
O33 - MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell - "" = AutoRun
O33 - MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/10/27 09:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 45 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 45".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
    .
    Java 7 Update 13
    Java 7 Update 17
    .
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.

 

 

In your next reply, please submit:

Otl fix report

and let me know if the Java update went ok.

If you get a message saying that the update couldn't be verified, don't worry.... it's a glitch and everyone seems to get the message.

 

 

Thanks.

Member of:

UNITE

Posted

Here is the report as requested........one thing, when it went to re-boot I popped off to make a cup of tea when I came back it was a blank screen, I could move the curser around but apart from that the computer had frozen again and I had to switch it off using the on/off switch.

 

All processes killed

========== OTL ==========

Service esgiguard stopped successfully!

Service esgiguard deleted successfully!

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ scheduled to be deleted on reboot.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a8ef65-137a-11e0-9f11-6431505308bb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a8ef65-137a-11e0-9f11-6431505308bb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a8ef65-137a-11e0-9f11-6431505308bb}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a8efbd-137a-11e0-9f11-6431505308bb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a8efbd-137a-11e0-9f11-6431505308bb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a8efbd-137a-11e0-9f11-6431505308bb}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267950a8-3625-11e1-b2d3-001e101f82a0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{267950a8-3625-11e1-b2d3-001e101f82a0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267950a8-3625-11e1-b2d3-001e101f82a0}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b64d3e5-c2d0-11e0-91ad-6431505308bb}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0eb21d-129b-11e0-b5dd-6431505308bb}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2d6b564-137b-11e0-8342-6431505308bb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2d6b564-137b-11e0-8342-6431505308bb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2d6b564-137b-11e0-8342-6431505308bb}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\AutoRun.exe not found.

C:\sh4ldr folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\mon folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Downloads folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Defs folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.

C:\Program Files\Enigma Software Group folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\angela\Desktop\cmd.bat deleted successfully.

C:\Users\angela\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: angela

->Temp folder emptied: 1372156237 bytes

->Temporary Internet Files folder emptied: 1308227505 bytes

->Java cache emptied: 21871 bytes

->Google Chrome cache emptied: 10704677 bytes

->Flash cache emptied: 148814 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 57472 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1715702 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 912553055 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 3,479.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 10272013_163725

Files\Folders moved on Reboot...

C:\Users\angela\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W4BJI5TU\xd_arbiter[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VPF37D4M\hub[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VPF37D4M\hub[2].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VPF37D4M\like[5].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VPF37D4M\tweet_button.1382126667[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TW1385E6\MTP_ySUJH_bn48VBG8sNSoM1ygXM8I716iU3CHRQUAk[1].eot moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TW1385E6\xd_arbiter[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFHKB2YW\pinit016[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IA84GS0W\15751-Conduit-com[1].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9BVW22Y9\RjgO7rYTmqiVp7vzi-Q5UfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9BVW22Y9\sh140[2].htm moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\336SXLLR\DXI1ORHCpsQm3Vp6mXoaTYM1ygXM8I716iU3CHRQUAk[1].eot moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.

C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

File move failed. C:\Users\angela\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ scheduled to be deleted on reboot.

Posted

Hi Starbuck I wonder if you can be more specific with regard to the java download, I had the same problem when I downloaded it the last time and not sure I got it correct, there are a lot of choices. The initial screen shows "platform" and "netbean" I'm not sure which one to save to the desktop and what I have tried then gives similar multiple choices and which one I'm not sure, I do know it's a 64bit but there a few choices there.

 

Sorry to be a pest LOL!!

 

slab288

Posted
The initial screen shows "platform" and "netbean" I'm not sure which one to save to the desktop

None of those.

Scroll down and you'll see where you are meant to click:

 

Once you click the link i gave, these are what you need to click on:

 

http://img.photobucket.com/albums/v708/starbuck50/java1_zpsd80621ea.png

 

Now click to Accept the license agreement.

 

http://img.photobucket.com/albums/v708/starbuck50/java2_zps03586290.png

 

Hope these pics help

Member of:

UNITE

Posted
Hi slab288

 

Nice one :)

 

How is the system running now?

Any better?

 

Yeah much better and faster.........perfect, thanks again for your time & help it's appreciated.

 

slab288

Posted

Hi slab288

 

Yeah much better and faster.........perfect

Always good to hear. :)

 

thanks again for your time & help it's appreciated

No problem at all.

Glad i could help.

 

Let's clear up then:

 

Step 1

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

 

JRT can now be removed also. (right click on the JRT icon and select delete)

 

 

Step 2

  • Please double-click OTL to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will cleanup an assortment of tools used during malware removal, plus itself

 

Note:

MBAM will not be removed if installed.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE

Posted (edited)

Starbuck where do I find AdwCleaner.exe? I have looked in add/remove, accessories but can't see it. It isn't on my desk top.........not sure if I have removed it already, I don't think I would have without being ask to by either yourself or one of the others!

 

slab288

Edited by slab288
Posted
Hi Slab288 AdwCleaner was run from the temp folder , then Starbuck had you empty the temp folder as a part of the OTL scan so If you can't find it that will be why just continue with the clean and safe computing.

Google is your friend

 

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

 

 

Posted

That's correct.

I realised what had happened as soon as i saw your post.

Now you see the reality of what i said earlier:

 

It's not advisable to run programs from the Temp Internet files.

This normally happens when you click on Run instead of clicking on Save from the download.

Always save the download and then run from the Desktop or the Download folder.

If we clean the Temp files, any download will also be removed.

Member of:

UNITE

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...