carolinejoy
Posted January 26, 2011

Computer Takes 11 Minutes to Shut Down; Hangs up during Start up with After Start Up with Black Screen; I have to hit the power button 10sec

Posted 21 January 2011 - 09:08 PM
Forum: Security Virus, Spyware, Malware Removal

I have an HP Pavilion dv6. The problem I have is when I start my computer, it hangs up on a black screen. I will not even reach the desktop. Then, it will not respond with any key I press. The only thing I can do is hit the power button for 10 seconds, then it will restart. I will get "start window normally or start windows in a safe mode screen." My computer will work after I select "start windows normally."

When I shut down the computer, I also have another problem. It takes 11 minutes to shut down. It will stay on the "shutting down" screen.

I have AVG anti virus, lavasoft ad-aware, auslogics boostspeed and clean-up! installed on my computer. I also have crashplan from code42 for back-up.

I have done a system restore and restored to one month before. But I still get the same result.

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Database version: 5603
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/26/2011 7:14:26 AM
mbam-log-2011-01-26 (07-14-26).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 491563
Time elapsed: 8 hour(s), 12 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL log
Wagner\Documents\maxine robinson initial.doc [2011/01/26 02:59:54 | 000,024,576 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\maybelline martinez initial.doc [2011/01/26 02:59:52 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\mario hernandez initial.doc [2011/01/26 02:59:51 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\marie robert initial.doc [2011/01/26 02:59:50 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\maria flores initial.doc [2011/01/26 02:59:49 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\marden gonzalez final.doc [2011/01/26 02:59:49 | 000,008,192 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\manuel mendoza phys initial 031202.wps [2011/01/26 02:59:47 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\lissette de la cruz initial.doc [2011/01/26 02:59:42 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\josue castiblanco reexam 2.doc [2011/01/26 02:59:42 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\juan m gonzalez reexam.doc [2011/01/26 02:59:41 | 000,020,480 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jose rocano initial.wps [2011/01/26 02:59:40 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jose granados initial.doc [2011/01/26 02:59:40 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jose funes initial.doc [2011/01/26 02:59:40 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jose gutierrez initial.doc [2011/01/26 02:59:38 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jorge colina initial.doc [2011/01/26 02:59:37 | 000,024,576 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jennifer reyes initial.doc [2011/01/26 02:59:35 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\jaime mata reexam.doc [2011/01/26 02:59:34 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\irma portillo initial.doc [2011/01/26 02:59:34 | 000,008,192 | ---- | 
M] () -- C:\Users\Wayne Wagner\Documents\ime denial.wps [2011/01/26 02:59:32 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gilberto aragon reexam.doc [2011/01/26 02:59:32 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\german medina reexam.doc [2011/01/26 02:59:32 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gloria pleitez final.doc [2011/01/26 02:59:32 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gerardo magana initial.doc [2011/01/26 02:59:31 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gerardo herrarte initial.doc [2011/01/26 02:59:31 | 000,028,672 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\geovanni pintado initial.doc [2011/01/26 02:55:29 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gabriel diaz reexam2.doc [2011/01/26 02:55:29 | 000,028,672 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\gabriel bran reexam2.doc [2011/01/26 02:55:26 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\fanny estrada reexam.doc [2011/01/26 02:55:26 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\evelio flores initial.doc [2011/01/26 02:55:26 | 000,028,672 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\fabion shields initial.doc [2011/01/26 02:55:26 | 000,024,576 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\exercises.doc [2011/01/26 02:55:25 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\estela benitez initial.doc [2011/01/26 02:55:24 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\elisa carranza reexam.doc [2011/01/26 02:55:24 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\elmer ramirez initial.doc [2011/01/26 02:55:23 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\edwin garcia initial.doc [2011/01/26 02:55:23 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\edwin diaz initial.doc [2011/01/26 02:55:22 | 000,040,960 | ---- | M] () -- C:\Users\Wayne 
Wagner\Documents\dwayne brown initial.doc [2011/01/26 02:55:22 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\edgar martinez initial.doc [2011/01/26 02:55:22 | 000,024,576 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\drop out letter.doc [2011/01/26 02:55:22 | 000,020,480 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\dr ravitch complaints.doc [2011/01/26 02:55:21 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\dolores rodas initial.doc [2011/01/26 02:55:21 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\donnisa brown reexam2.doc [2011/01/26 02:54:39 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\dilma arias reexam.doc [2011/01/26 02:54:38 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\dilcia mendez reexam.doc [2011/01/26 02:54:37 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\deidre mcallister initial2.doc [2011/01/26 02:54:37 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\cristina gonzalez initial.doc [2011/01/26 02:54:37 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\consuelo mejia initial.doc [2011/01/26 02:54:37 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\danilo osejo reexam.doc [2011/01/26 02:54:35 | 000,045,056 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\carlos villalobos initial.doc [2011/01/26 02:54:34 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\carlos hernandez initial.doc [2011/01/26 02:54:34 | 000,032,768 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\brigida fuentes reexam.doc [2011/01/26 02:54:34 | 000,020,480 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\cable.doc [2011/01/26 02:54:33 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\bineta diop initial.doc [2011/01/26 02:54:31 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\annette jeffries initial.doc [2011/01/26 02:54:29 | 000,049,152 | ---- | M] () -- C:\Users\Wayne 
Wagner\Documents\amanda garcia initial.doc [2011/01/26 02:54:28 | 000,040,960 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\ahida ventura initial.doc [2011/01/26 02:53:57 | 000,036,864 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\ada guzman initial.doc [2011/01/25 16:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/01/25 08:19:37 | 104,854,394 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2011/01/12 15:42:04 | 000,021,517 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\luis mancia reexam.docx [2011/01/09 16:12:01 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWayne Wagner.job [2010/12/28 11:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2010/12/28 10:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2010/12/28 09:36:54 | 000,006,080 | ---- | M] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps.dat [2010/12/28 08:19:26 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010/12/27 20:25:28 | 000,034,304 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\ana ruiz initial.doc [2010/12/27 17:34:36 | 000,039,424 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\ashly syms initial.doc [2010/12/27 15:50:37 | 000,002,637 | ---- | M] () -- C:\Users\Wayne Wagner\Desktop\Microsoft Word 2010.lnk ========== Files Created - No Company Name ========== [2011/01/12 15:39:13 | 000,021,517 | ---- | C] () -- C:\Users\Wayne Wagner\Documents\luis mancia reexam.docx [2010/12/27 17:47:14 | 000,034,304 | ---- | C] () -- C:\Users\Wayne Wagner\Documents\ana ruiz initial.doc [2010/12/27 16:02:25 | 000,039,424 | ---- | C] () -- C:\Users\Wayne Wagner\Documents\ashly syms initial.doc [2010/12/27 15:50:32 | 000,002,637 | ---- | C] () -- C:\Users\Wayne Wagner\Desktop\Microsoft Word 2010.lnk [2010/11/28 16:00:15 | 000,000,552 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d8caps.dat [2010/09/18 22:56:13 | 000,000,100 | ---- 
| C] () -- C:\Users\Wayne Wagner\AppData\Local\fusioncache.dat [2010/09/18 22:54:46 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/07/31 21:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/05/09 07:59:21 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\prvlcl.dat [2010/04/24 08:16:39 | 000,000,485 | ---- | C] () -- \updatedatfix.log [2010/03/23 15:23:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/03/23 15:21:30 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010/03/23 15:21:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2010/03/23 14:37:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2010/03/23 14:37:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2010/03/23 14:37:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2010/03/23 14:37:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2010/03/23 14:28:05 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini [2010/03/18 07:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/03/18 07:42:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/03/11 21:06:47 | 000,000,732 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps64.dat [2009/10/18 07:29:15 | 000,193,647 | ---- | C] () -- \aaw7boot.log [2009/07/29 19:59:39 | 000,000,512 | ---- | C] () -- \lxbm.log [2009/07/24 07:51:31 | 000,000,405 | ---- | C] () -- C:\Windows\Lexstat.ini [2009/07/03 10:49:32 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\FnF4.txt [2009/06/28 08:27:01 | 000,006,080 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps.dat [2009/06/25 21:28:03 | 000,071,168 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/25 20:42:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/06/25 18:02:29 | 000,000,000 | ---- | C] () -- 
C:\Users\Wayne Wagner\AppData\Local\QSwitch.txt [2009/06/25 18:02:29 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\DSwitch.txt [2009/06/25 18:02:29 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\AtStart.txt [2009/06/25 18:02:20 | 002,904,659 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2009/05/24 06:14:24 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/05/24 06:14:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/05/24 06:13:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/05/24 06:13:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/05/24 06:11:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2009/05/24 05:23:40 | 241,438,719 | -HS- | C] () -- [2009/01/13 11:52:55 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2009/01/13 11:46:32 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2009/01/13 11:44:32 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2009/01/13 11:43:02 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2008/06/09 01:01:12 | 000,333,257 | RHS- | C] () -- \bootmgr [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/12/02 02:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll ========== LOP Check ========== [2009/07/24 07:51:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\4200 Series [2009/07/24 07:51:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\4200Series [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2010/12/02 18:14:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVG Security Toolbar(221) [2010/12/02 19:37:51 | 
000,000,000 | ---D | M] -- C:\Users\All Users\AVG10 [2010/10/24 06:32:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\avg9 [2010/04/29 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco Systems [2010/10/26 07:30:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Common Files [2011/01/22 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\CrashPlan [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2009/11/14 17:03:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\EmailNotifier [2010/01/31 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSellerate [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2010/01/31 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\LightScribe [2010/05/29 19:41:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ludia [2010/12/02 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\MFAData [2009/09/27 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\PlayFirst [2011/01/20 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\PMB Files [2009/09/13 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games [2010/03/18 10:21:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\Rosetta Stone [2010/03/18 09:11:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\RosettaStoneLtdBackup [2010/12/14 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft [2010/08/08 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\SmartSound Software Inc [2009/07/25 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony Online Entertainment [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2010/08/01 09:33:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2009/07/26 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WebEx 
[2010/05/29 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent [2009/10/24 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} [2009/01/13 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2010/07/11 17:38:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{65893B95-F47B-4483-B883-86BA181E9B54} [2006/11/02 08:33:54 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2006/11/02 10:42:17 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009/06/25 17:50:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2006/11/02 07:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2006/11/02 07:34:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2011/01/20 22:37:46 | 000,000,000 | RH-D | M] -- 
C:\Users\Public\Desktop [2010/05/12 17:57:17 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2010/12/02 21:56:34 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2006/11/02 07:34:32 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2009/06/26 08:30:09 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2006/11/02 10:25:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2006/11/02 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV [2006/11/02 10:25:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2009/06/25 17:48:07 | 000,000,000 | -H-D | M] -- C:\Users\Wayne Wagner\AppData [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\Application Data [2009/06/25 18:01:53 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Contacts [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\Cookies [2011/01/26 07:14:12 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Desktop [2011/01/12 20:40:06 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Documents [2011/01/25 16:56:53 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Downloads [2010/03/07 16:16:37 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Favorites [2011/01/22 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Wayne Wagner\Incomplete [2010/02/10 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Wayne Wagner\Library [2009/06/25 18:02:08 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Links [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\Local Settings [2011/01/25 10:37:09 | 000,000,000 | ---D | M] -- C:\Users\Wayne Wagner\Music [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\My Documents [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\NetHood [2010/11/20 05:52:19 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Pictures [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\PrintHood [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- 
C:\Users\Wayne Wagner\Recent [2010/01/18 12:30:33 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Saved Games [2009/06/25 18:02:08 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Searches [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\SendTo [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\Start Menu [2009/06/25 17:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne Wagner\Templates [2010/10/10 16:21:21 | 000,000,000 | R--D | M] -- C:\Users\Wayne Wagner\Videos [2010/12/14 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Wayne Wagner\Wayne's Px [2011/01/25 16:45:48 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 171 bytes -> C:\Users\All Users\Temp:09B199F1 @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1 < End of report > Quote
Starbuck Posted January 26, 2011

Hi carolinejoy and welcome to Extreme Tech Support - Free PC Help.

You didn't include the extras.txt from the 1st run. The extras.txt should be here: C:\Users\Wayne Wagner\Downloads

You have a lot of unnecessary startup items running. I'll stop most in the OTL script (it's easier that way). This will not remove any files/programs from your system... it'll just stop the programs launching at startup. All of these can be started manually from the start menu. We'll also do a cleaning up at the same time.

Windows Welcome Center
Not needed at all. When the Windows Welcome Center next comes up, untick the box at the bottom and close the screen down.
http://img.photobucket.com/albums/v708/starbuck50/new/welcomecenter.png

Double click on OTL.exe to run it. Copy the lines in the codebox below (make sure that :Otl is on the first line).

```
:otl
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-21-1463916579-3978265779-3180963287-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 171 bytes -> C:\Users\All Users\Temp:09B199F1
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"=-
"UpdatePSTShortCut"=-
"UpdatePDIRShortCut"=-
"UpdateP2GoShortCut"=-
"UpdateLBPShortCut"=-
"UCam_Menu"=-
"IndexSearch"=-
"ControlCenter3"=-
"Adobe Acrobat Speed Launcher"=-
"AppleSyncNotifier"=-
"BrMfcWnd"=-
"PaperPort PTD"=-
"PPort11reminder"=-

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]
```

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. If you lose the report, there will be a copy here: C:_OTLMovedFiles

In your next reply, please submit:
- OTL fix report
- The extras.txt from the 1st run.

Let me know if things have improved any. Thanks.
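A pre-paste check for a fix script like the one in the post above, added here as an example; it is not part of the original post and not part of OTL. A script copied out of a forum code box can lose its backslashes (the fix log further down this thread shows registry and ADS paths with no separators), so this checks the `:otl` first line, the `[HKEY_...]` headers and the drive paths. The names `lint_fix_script` and `Finding` and both sample scripts are constructed for the illustration.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the script
    section: str   # last section directive seen (":otl", ":reg", ...)
    problem: str
    text: str


# Full hive names as they appear in [HKEY_...] headers of a :Reg block.
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")

# A drive letter and colon followed by something other than a backslash.
# The lookbehind keeps "Temp:09B199F1" (an alternate data stream name)
# and labels such as "URLSearchHook:" from matching.
DRIVE_NO_SEP = re.compile(r"(?<![A-Za-z0-9_])[A-Za-z]:(?=[^\\\s])")


def lint_fix_script(script: str) -> List[Finding]:
    """Return the separator problems found in a pasted fix script."""
    findings: List[Finding] = []
    section = ""
    seen_first = False
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if not seen_first:
            seen_first = True
            # The post asks for :otl on the first line.
            if line.lower() != ":otl":
                findings.append(
                    Finding(no, section, "first line is not :otl", line))
        if line.startswith(":"):
            section = line.lower()
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")
            for hive in HIVES:
                if key.startswith(hive):
                    rest = key[len(hive):]
                    if rest and not rest.startswith("\\"):
                        findings.append(Finding(
                            no, section,
                            "registry hive fused to subkey (missing backslash)",
                            line))
                    break
        if DRIVE_NO_SEP.search(line):
            findings.append(Finding(
                no, section,
                "drive path without backslash after the colon", line))
    return findings


# Constructed sample: separators intact.
GOOD_SCRIPT = r""":otl
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"=-
:commands
[emptytemp]
"""

# Constructed sample: the same script after its backslashes were stripped.
DAMAGED_SCRIPT = """:otl
@Alternate Data Stream - 171 bytes -> C:ProgramDataTemp:09B199F1
:Reg
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"IndexSearch"=-
:commands
[emptytemp]
"""

if __name__ == "__main__":
    for f in lint_fix_script(DAMAGED_SCRIPT):
        print(f"line {f.line_no} [{f.section}] {f.problem}: {f.text}")
```

The check covers only `[HKEY_...]` headers and drive-letter paths; the abbreviated `HKU`/`HKLM` log lines are not examined.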
Dalo Harkin Posted January 26, 2011

I am sure that Starbuck will mention this, but you will be wanting to consider looking at another AV program. Ad-aware was used a few years ago, but there were many false positives with that program so it dwindled into the background too. I would be considering something like MSE if I were you.
carolinejoy (Author) Posted January 26, 2011

Thank you so much for the quick reply.

For the first instruction, "When the Windows Welcome Center next comes up, Untick the box at the bottom and close the screen down." I am unable to find that box in my welcome screen. I do not know why. I see all the other parts of the image, I even scrolled down.

I have also deleted Ad-aware as mentioned by Dalo Harkin using Add/remove programs. The shut down has improved.

Here is the log file from OTL:

```
All processes killed
========== OTL ==========
Registry key HKEY_USERS.DEFAULTSoftware\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_USERSS-1-5-18Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERSS-1-5-21-1463916579-3978265779-3180963287-1000Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Unable to delete ADS C:UsersAll UsersTemp:09B199F1 .
Unable to delete ADS C:ProgramDataTemp:09B199F1 .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"HP Health Check Scheduler"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"UpdatePSTShortCut"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"UpdatePDIRShortCut"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"UpdateP2GoShortCut"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"UpdateLBPShortCut"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"UCam_Menu"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"IndexSearch"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"ControlCenter3"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"Adobe Acrobat Speed Launcher"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"AppleSyncNotifier"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"BrMfcWnd"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"PaperPort PTD"\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\\"PPort11reminder"\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
File delete failed. C:\Users\Wayne Wagner\Downloads\cmd.bat scheduled to be deleted on reboot.
C:\Users\Wayne Wagner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Wayne Wagner
->Temp folder emptied: 25954825 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43216007 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: Public
User: Wayne Wagner

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.3 log created on 01262011_171251

Files\Folders moved on Reboot...
C:\Users\Wayne Wagner\Downloads\cmd.bat moved successfully.
C:\Users\Wayne Wagner\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\WebEx\Log\126\atashost.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_WAYNEWAGNER-PC$\3028 not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
```

Here is the extras.txt on the first run.
"{2494CCF5-4F7F-4233-B0F7-28E52F8AEC9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{2903601D-C078-4D15-A642-6E6E38C284FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56D84CF9-B0AB-4F09-96B2-2A366480B938}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{59520B26-62C5-4CC6-9377-39396C2B4086}" = rport=10243 | protocol=6 | dir=out | app=system | "{636E4FD3-CDE2-4897-8DA4-882CB0FB52D9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{64E06C58-CD1A-4B51-B3EE-B91B56B0D4B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{710E8A0B-A078-420B-9D4A-417519AECFD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{7E9CE439-199A-4F05-AD4D-06D5128669A4}" = lport=10243 | protocol=6 | dir=in | app=system | "{7FC8BAD5-369F-418F-9248-DF762953A69B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{881411BB-1D6A-416B-BF03-AFCFF5B63047}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88520AA0-1FEF-4478-B34C-F60DE37FA7E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{905DA55A-FFE5-4B1A-933A-5F186111357E}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner | "{9512CC1C-80E4-4D78-9AA1-C00810966CA8}" = lport=2869 | protocol=6 | dir=in | app=system | "{97EFC8F2-EA6F-497D-9E5C-9DDDB1679C92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | "{B92BF8E4-9095-4E36-8899-44E824A239F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC789F8A-4DCD-414C-939E-9FBD26144F7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5ED12DC-A2FD-4089-90F7-0F8E439D3398}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{EB7076E5-69AB-4C15-AF33-A219F159321B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01260288-05A2-44BB-8F92-08AD367D6E81}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{05C05FEA-B45B-47B4-8E9E-5F385452657D}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe | "{073D953A-29A7-4970-83FD-C2825B35792A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{09FF6B69-5F45-449B-8BE9-C0DE2E2DE945}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{0FA3B3B6-AF91-4E27-B384-1C2312B44E09}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{110D266C-28ED-4EDE-B202-B92ADF067079}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "{194F79A3-522F-46AD-BB23-462D16D2C30E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{282FD8D9-9529-4ADA-A415-E70CA6CE2265}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{2C26D412-83D5-4F75-9A7F-4E4A0424E160}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{2E143A4A-00CF-486F-B970-9EFB2D469AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{30823201-583D-4F2D-A981-88EF40883033}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{36834BDF-9526-44EA-9808-CBEFE373CA99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{3940A3EF-9C2D-4329-B2CA-112374C08B2D}" = protocol=17 | dir=in | app=c:\program files 
(x86)\pando networks\media booster\pmb.exe | "{40062E21-DC4F-427E-A9D7-938A5DCB3788}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{45F8B889-F419-48A7-8F2D-B02B7CA927FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{47B535CA-6DDB-4A62-8B91-5F5B3C30A4C1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{48C7C957-5DF5-46E6-8706-8F2A9F8853D4}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | "{50E37968-E04D-48AA-8F5A-A1800FC7CE17}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe | "{5220917F-67F5-4B88-A70A-3DE873C35C71}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{6AB6C47F-51E0-4437-806B-2B2EF78572B5}" = protocol=6 | dir=out | app=system | "{707DCE4D-533A-4ECF-9724-CDAF33AE483B}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "{7D398DEE-FAEA-4E75-9634-64A284C5F0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{859D0B40-1BC5-4BFF-8DB4-8AE5810A2DBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8A3C59C0-9BB2-4862-B33D-BE8397BD27B6}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "{8B492EAF-609B-48C4-B2C8-42F39A99A2F2}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "{929B5132-2317-44C9-93BB-9FEEBBF7B0BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93553F53-17B3-47FC-9CE5-D0DDE6D6D57A}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe | "{93E59B14-A409-4B46-A393-89D7320AFBAE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{9781B68A-01ED-426F-B074-79A17DACF115}" = protocol=17 | dir=out | 
app=c:\program files\windows media player\wmplayer.exe | "{ADF93BE0-C65D-4D59-B8C7-4E3C66C49011}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{AF87332F-FC7F-4324-97ED-ACDC8CC6437E}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe | "{B5C5FAFF-7C3D-4BFA-91C1-1393FB3F2372}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe | "{B9D801FE-6C54-45AE-BF87-B64C56112846}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe | "{C44FDEB9-346D-4D75-ADD6-5FA3ECBCECA1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CE73174F-1406-439C-8A68-8D4B18D403D2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DE9BD535-A8CC-4322-97C0-1A3B300F62A2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{DF4F1CD0-F06A-4B01-B06B-DFD3A4B7307F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E2CEA791-E21F-4628-90C1-1CB574B5C877}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe | "{EC8745DD-2D7D-4DFB-BDBB-7BC38867AFD5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{EFEB3174-5661-46C0-BABE-1CD7EBAC9B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F736A7A0-9514-4842-A1B1-33060B5759F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FA663470-C556-4163-8336-59B22B6C0406}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe | "{FA9FEB69-7390-4416-89E0-AD737E8ED57E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FCAC6FFA-2E57-41B7-8C3A-447D6AEFF751}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "TCP Query User{3784C76A-CCDB-488F-B0AF-8382388AEF6B}C:\program files (x86)\turbine\the lord of the rings 
online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "TCP Query User{5F1FEAA0-295F-4F0D-BCC9-EE4A09450CDB}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe | "TCP Query User{8D03D5F7-3F6E-4107-9E5A-E4F716B57E49}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "TCP Query User{99614AAF-EEE3-4309-A3E6-94B251B257D0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{A60ECB96-B6F8-4C9F-8835-DAC4813A7305}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{E0724F9B-AF95-4788-A2BE-E4E094F4E647}C:\program files\sports medicine\safran\jvm\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\sports medicine\safran\jvm\bin\java.exe | "UDP Query User{2B8C0EA9-7FE6-4764-99A4-6BA2CA990A1D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{2C0F379C-1136-4851-9444-8C8970562404}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{4625A3EC-BE05-41EB-9E1D-702017FABD41}C:\program files\sports medicine\safran\jvm\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\sports medicine\safran\jvm\bin\java.exe | "UDP Query User{50DA3A67-85A9-4CD3-A7E6-D9D7E26A45B2}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "UDP Query User{9D1EDBEC-68C5-403E-A498-484C519548DA}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe | "UDP Query User{DFDA6E14-6081-4EEC-8723-C3D316C7AEBE}C:\program files (x86)\internet 
explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{544974E3-D015-401C-900C-E5D137BC930E}" = AVG 2011 "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) 
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE6BFB57-3FA2-438E-ADFA-53A03728E933}" = CrashPlan "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVG" = AVG 2011 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "C62C7F8B4DBDBBC3DA11788634DAE156425CCA10" = Windows Driver Package - OEM (mr7911) Image (05/27/2008 1.0.0.0) "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor 
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{184A0FAD-8D80-4ADA-AF98-D94843D53A1E}" = Photo Viewer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 23 "{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126 "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library "{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere "{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft 
Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBAE3885-5B69-4098-AFA0-ACBAD44D9242}" = Sports Medicine "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator 
Trial Edition "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "ActiveTouchMeetingClient" = WebEx "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Cisco Connect" = Cisco Connect "CleanUp!" = CleanUp! "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "FileZilla Client" = FileZilla Client 3.3.3 "FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream "FrostWire" = FrostWire 4.20.7 "HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector 
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Office14.SingleImage" = Microsoft Office Professional 2010 "Paradise Pet Salon" = Paradise Pet Salon "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "Puppy Luv: A New Breed" = Puppy Luv: A New Breed "RealPlayer 12.0" = RealPlayer "UnityWebPlayer" = Unity Web Player "Verizon FiOS Activation_is1" = Verizon FiOS Activation "WildTangent hp Master Uninstall" = HP Games "Worms 2" = Worms 2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1463916579-3978265779-3180963287-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/16/2010 6:02:51 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/16/2010 6:25:18 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/17/2010 5:09:50 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/17/2010 3:19:56 PM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/18/2010 10:28:28 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/18/2010 5:49:33 PM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/18/2010 5:55:02 PM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/19/2010 8:40:47 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = Error - 4/19/2010 5:51:36 PM | Computer Name = WayneWagner-PC 
| Source = WinMgmt | ID = 10 Description = Error - 4/20/2010 10:25:38 AM | Computer Name = WayneWagner-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/21/2011 6:57:30 AM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/21/2011 6:58:09 AM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 1/21/2011 6:58:44 AM | Computer Name = WayneWagner-PC | Source = DCOM | ID = 10005 Description = Error - 1/21/2011 6:58:44 AM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7009 Description = Error - 1/21/2011 6:58:44 AM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/21/2011 7:03:22 AM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 1/21/2011 7:58:46 AM | Computer Name = WayneWagner-PC | Source = DCOM | ID = 10010 Description = Error - 1/21/2011 8:32:49 PM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/21/2011 8:33:06 PM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 1/21/2011 8:39:04 PM | Computer Name = WayneWagner-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > Quote
Starbuck Posted January 27, 2011

Hi carolinejoy,

Thanks for the extras.txt.

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer.

Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, we may refuse to help you.

Step 1

Please remove: Java 6 Update 7
It's an old version and should have been removed when Java was updated.
Do not remove: Java 6 Update 23
Reboot the system when completed.

Step 2

Let's take a deeper look at things. You'll love this bit: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.

Then run: http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Download to your desktop, then double click to start the uninstaller.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then: Double click on Combo-Fix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If running Vista or Win7, you may not see this screen.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3

If we need to run a script afterwards with Combofix and you have reinstalled AVG, we'll have problems again. So I recommend that you install one of these (they are a lot better than AVG anyway):

Avira AntiVir ....installation guide Here
MS Security Essentials ... see note* ...installation guide Here
Avast free
Bitdefender Free

Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.

In your next reply, please submit:
Combofix.txt

Thanks.

Member of: UNITE
carolinejoy Posted January 27, 2011 Author

I have removed the older version of Java. I have also uninstalled AVG. I have installed microsoft security essentials after the combo fix. Here is the log:
Starbuck Posted January 28, 2011

Hi carolinejoy,

"I have also uninstalled AVG. I have installed microsoft security essentials after the combo fix."

http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif A much better choice.

How's the system running now? Any improvement?

Member of: UNITE
carolinejoy Posted January 29, 2011 Author

The start up and shut down is much faster. I don't see any problems now. I think you were able to fix all the problems. Thank you very much!
Starbuck Posted January 29, 2011

Hi carolinejoy,

"I don't see any problems now. I think you were able to fix all the problems."

Nice one http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

Ok, let's finish off then and remove the tools we have used.

Step 1

Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button.

http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png

This will remove any programs we have asked you to download along with their associated folders, plus itself.

Note: MBAM will not be removed.

Step 2

Now you should set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
When you uncheck a disk you will be presented with a screen. You should click on the Turn System Protection Off button.
Click Apply and then OK.
Reboot your computer.

Now:

Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
Click Apply and then OK.

Your System restore will now be active again... starting with a new restore point.

Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of: UNITE
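The restore-point reset in Step 2 of the post above can also be done from a script. This is an added example, not part of the original thread: it assumes Windows PowerShell 2.0 or later in an elevated session, and the `-Phase` parameter, the `Get-FixedDrive` helper and the restore point description are names made up here.

```powershell
# Added example (not from the thread): scripted form of the Step 2 restore-point reset.
# Assumptions: Windows PowerShell 2.0+, elevated prompt. Run once with -Phase Disable,
# reboot as the post instructs, then run again with -Phase Enable.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase
)

# The System Restore cmdlets fail without administrative rights, so check up front.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell prompt.'
}

function Get-FixedDrive {
    # Hypothetical helper: DriveType 3 is a local fixed disk; returns roots such as "C:\".
    Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 3' |
        ForEach-Object { $_.DeviceID + '\' }
}

$drives = @(Get-FixedDrive)

switch ($Phase) {
    'Disable' {
        # Equivalent of unchecking every disk and choosing "Turn System Protection Off".
        $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
        Write-Output ('Restore points before reset: {0}' -f $before.Count)

        Disable-ComputerRestore -Drive $drives

        $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
        Write-Output ('Restore points remaining: {0}' -f $after.Count)
        Write-Output 'Reboot now, then run this script again with -Phase Enable.'
    }
    'Enable' {
        # Equivalent of re-checking every disk. The system drive is in $drives,
        # which Enable-ComputerRestore requires when enabling other drives.
        Enable-ComputerRestore -Drive $drives

        # Create the first restore point of the cleaned system (description is constructed).
        Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                            -RestorePointType 'MODIFY_SETTINGS'

        Get-ComputerRestorePoint |
            Select-Object SequenceNumber, CreationTime, Description
    }
}
```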