
newguy

  1. Thanks for your patience. I ended up replacing the power supply and thought the issue was fixed. Unfortunately the same symptoms returned after less than a day of operation. (System won't power on for more than a couple of seconds.) During this process I was able to remove the hard drive and run some diagnostics on it with another system. Everything checked out fine. I'm not sure what our next step is here as I don't think I'm qualified to troubleshoot the motherboard. Anyway, I thought I would let you know the situation so you could go ahead and close this thread if you want. I can always start another if the need arises. Thanks again for all your help and patience.
  2. Hi, Thanks for the response. Unfortunately the system will no longer boot. At first when my friend powered on he was getting a black screen only but the system was running, (fans on, lights on, etc.) Occasionally he could shut it off and reboot and be OK. When he told me this I thought the symptoms fit with a failing hard drive and suggested he not try the system again until I had time to run the diagnostics you suggested. I now have physical possession of the system but it will not power up. When the power button is pressed the fans run for one second or less and the system shuts down again. Thinking the hard drive might still be the culprit I removed it and tried to boot again but got the same results. Looks like I have to remedy this situation before I can check the hard drive. Unless you have any suggestions for this issue I'll let you know when I get the system running again. Thanks for your patience.
  3. Thanks for the quick reply. Sorry for the delay in posting back. OK, ran DDS. Files are attached. Not sure how to capture the stop codes. Is there a way to access them directly after the system restarts or is it a matter of recording them when the BSOD event occurs? Thanks again. dds.txt attach.txt
  4. Hi, I'm trying to help a friend solve a problem with his computer. The system will shut down seemingly randomly with a blue screen. It's been happening for a while now but the error codes don't appear to be consistent. We ran MBAM and while there were some issues that were solved the blue screen issue remains. A rerun of MBAM showed no infections. I've had good luck with this forum in the past with malware problems, but I think this may be a different sort of issue. Am I in the right place? If so what information do I need to post here to get help with this type of error? Thanks.
  5. Hey Maniac, Sorry for the delay. He had a bit of an issue with IE and his connection but I suspect it was ComboFix again. We were able to take care of that and it's been OK. He says his system seems to be working fine now. Unless there is anything else you think we need to check it looks like we're OK. Thanks.
  6. Sorry for the delay. Been kinda busy. I told him to use the system for a bit to see how it's working. I'll get back to you soon.
  7. Thanks for the info. So, what is our next step? Do you think the system is OK now?
  8. Hi Maniac, The message is no longer showing up. After booting up he tried to go to a couple of web sites just to see how things were working. First, IE asked if he wanted to make IE the default browser. Now when he visits certain web pages he is getting a "security alert" that begins: "you are about to view pages over a secure connection..." He does not remember seeing this before. Not sure if Combofix reset some things and this is normal but I thought I would let you know. Other than that things seem OK. Just in case I advised him to still not use the system until we hear from you. Thanks again.
  9. I attempted to disable Norton and ran Combofix. Combofix reported that Norton was not disabled and I again attempted to disable everything in Norton before continuing. Once again Combofix said that Norton was still not disabled but Combofix continued to run. Here is Combofix.txt: ComboFix 12-03-22.01 - thomas 03/22/2012 19:25:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1017 [GMT -4:00] Running from: c:\users\thomas\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\start.exe . . ((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 ))))))))))))))))))))))))))))))) . . 2012-03-14 22:52 . 2012-03-14 22:52 -------- d-----w- C:\_OTL 2012-03-14 11:04 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 11:04 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 11:04 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 11:04 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 11:04 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 11:04 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 11:03 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-14 11:03 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 11:03 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 21:32 . 
2012-03-09 21:35 -------- d-----w- c:\programdata\F4D562BF0005A14400244E3C570F1C8B 2012-03-06 04:30 . 2012-03-06 04:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(753) 2012-02-22 20:14 . 2012-02-22 20:14 -------- d-----w- c:\users\thomas\AppData\Local\Scansoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-20 21:56 . 2011-07-30 11:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624] . c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2009-3-25 1724416] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk] path=c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk backup=c:\windows\pss\FrostWire On Startup.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2007-03-13 00:44 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2007-03-07 18:09 44168 ----a-w- c:\windows\SMINST\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-22 18:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-22 18:49 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 10:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector] 2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-10-11 13:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 23:24] . 2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 23:24] . 2012-03-05 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 03:07] . 2012-03-02 c:\windows\Tasks\NatSpeak Periodic Data Collection.job - c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2008-07-28 03:07] . 2012-03-13 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 03:07] . 2012-03-22 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-12-10 13:53] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.bing.com/?pc=BNHP mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-AOL Fast Start - c:\program files\AOL 9.0b\AOL.EXE MSConfigStartUp-Google Update - c:\users\thomas\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1187657277\ee\AOLSoftware.exe MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe MSConfigStartUp-SearchEngineProtection - c:\program files\Gamesbar\SearchEngineProtection.exe MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe AddRemove-A_Free_Ride_Games_Bar Toolbar - c:\progra~1\A_FREE~1\UNINST~1.EXE AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe AddRemove-{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} - c:\program files\Free Ride Games\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-22 19:32 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-03-22 19:35:44 ComboFix-quarantined-files.txt 2012-03-22 23:35 . Pre-Run: 193,152,491,520 bytes free Post-Run: 193,096,896,512 bytes free . - - End Of File - - 275483438EA22A43BAB5FC4672446F4F
  10. Hey Maniac, Everything seems OK except we are still getting the pop-up error I told you about in post #5. The same message appears on every boot.
  11. OK, I was able to run OTL in safe mode. Here is the log: All processes killed ========== OTL ========== Error: No service named McComponentHostService was found to stop! Service\Driver key McComponentHostService not found. File C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found. File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry value HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found. File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found. Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found. Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. 
Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found. File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found. File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. 
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found. File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. File C:\Program Files\Free Ride Games\GPlayer.exe not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. File C:\Program Files\Free Ride Games\GPlayer.exe not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. File C:\Program Files\Free Ride Games\GPlayer.exe not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. File C:\Program Files\Free Ride Games\GPlayer.exe not found. Registry value HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. File C:\ProgramData\ax1bQt93JxKdtA not found. File C:\ProgramData\~ax1bQt93JxKdtA not found. File C:\ProgramData\~ax1bQt93JxKdtAr not found. Folder C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B\ not found. File C:\Users\thomas\AppData\Roaming\SAS7_000.DAT not found. Folder C:\Users\thomas\AppData\Roaming\FrostWire\ not found. ========== FILES ========== File\Folder C:\Program Files\A_Free_Ride_Games_Bar not found. File\Folder C:\Program Files\MyWebSearch not found. File\Folder C:\Program Files\FunWebProducts not found. File\Folder C:\Program Files\Viewpoint not found. File\Folder C:\Program Files\ConduitEngine not found. File\Folder C:\Program Files\Constant Guard Protection Suite not found. 
File\Folder C:\Program Files\Free Ride Games not found. File\Folder C:\Program Files\McAfee Security Scan not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3504F588-15FC-4DFB-BC2D-1C4DC6481E92} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B2372D9-29EF-43B4-803E-F2A92841C91E} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B2372D9-29EF-43B4-803E-F2A92841C91E}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\A_Free_Ride_Games_Bar Toolbar not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\conduitEngine not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: thomas ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 170492787 bytes ->Java cache emptied: 81752364 bytes ->Flash cache emptied: 93799 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4573 bytes RecycleBin emptied: 74961 bytes Total Files Cleaned = 241.00 mb OTL by OldTimer - Version 3.2.36.3 log created on 03182012_205211 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  12. Hey Maniac, Thanks for the info on registry cleaners. Didn't realize they could be harmful. For some reason when I copied/pasted your OTL commands the returns didn't copy and everything appeared on one line. I had to paste them into a wordpad document and then manually add the returns. Then I was able to copy and paste from notepad into OTL. When I ran OTL it seemed to be doing OK at first but then it paused. I soon got a message from windows that OTL was not responding and had to be shut down. At that point the system hung with no icons or task bar. Had to shut down manually and restart. OTL did not produce a log. I wasn't sure if I should run it again or if doing so would cause any problems so I thought I would post back and wait for your advice. Not sure if I made a mistake with the OTL commands so I decided to post them so you could have a look. Thanks again. Here is what I pasted into OTL:

      :OTL
      SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
      IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
      IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680
      IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
      IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
      IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
      IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
      FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
      O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not found
      O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
      O4 - HKLM..\Run: [] File not found
      O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
      O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
      O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
      O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
      O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found
      [2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA
      [2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA
      [2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr
      [2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B
      [2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
      [2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire
      :files
      C:\Program Files\A_Free_Ride_Games_Bar
      C:\Program Files\MyWebSearch
      C:\Program Files\FunWebProducts
      C:\Program Files\Viewpoint
      C:\Program Files\ConduitEngine
      C:\Program Files\Constant Guard Protection Suite
      C:\Program Files\Free Ride Games
      C:\Program Files\McAfee Security Scan
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" =-
      "{3B2372D9-29EF-43B4-803E-F2A92841C91E}" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "A_Free_Ride_Games_Bar Toolbar" =-
      "conduitEngine" =-
      :Commands
      [emptytemp]
      [clearallrestorepoints]
  13. OK, Uninstalled "McAfee Security Scan Plus" Uninstalled "Viewpoint Media Player" - (this had been uninstalled back in post #3 so I'm not sure why it was there) Copied and pasted the text you provided into OTL and clicked "Run Fix." Scan ran very quickly and asked to reboot. System hung during shutdown and I powered off manually after a while. OTL produced a log after restart. We are still getting the pop-up error message I mentioned in post #5. I was wondering if you think cleaning up the registry with CCleaner might take care of this issue. I know I shouldn't run CCleaner until we are all done, I was just wondering if you thought it might remedy the situation. Thanks again. OTL log: All processes killed Error: Unable to interpret <:OTLSRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...l=dis&o=ushpdIE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...tid=CT1320680IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...l=dis&o=ushpdIE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\Search> in the current context! 
Error: Unable to interpret <Scopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&geo=US&ver=5IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...tid=CT1320680FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not foundFF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not foundFF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.binO2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)O2 - BHO: (Constant Guard > in the current context! Error: Unable to interpret <Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not foundO2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)O4 - HKLM..\Run: [] File not foundO4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-20..\Run: 
[Exetender] C:\Program Files\Free Ri> in the current context! Error: Unable to interpret <de Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA[2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA[2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr[2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B[2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT[2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire:filesC:\Program Files\A_Free_Ride_Games_BarC:\Program Files\MyWebSearchC:\Program Files\FunWebProductsC:\Program Files\ViewpointC:\Program Files\ConduitEngineC:\Program > in the current context! Error: Unable to interpret <Files\Constant Guard Protection SuiteC:\Program Files\Free Ride GamesC:\Program Files\McAfee Security Scan:reg[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" =-"{3B2372D9-29EF-43B4-803E-F2A92841C91E}" =-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"A_Free_Ride_Games_Bar Toolbar" =-"conduitEngine" =-:Commands[emptytemp][clearallrestorepoints]> in the current context! OTL by OldTimer - Version 3.2.36.3 log created on 03142012_185212 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  14. Hi Maniac, I uninstalled "Constant Guard Protection Suite." Ran FixExec and it seems to have restored the .exe file associations. Ran UnHide.exe and that brought back the favorites in IE. Ran OTL. Logs follow. Just wanted to say thanks for all your time and help so far. OTL.txt: OTL logfile created on: 3/13/2012 7:13:36 PM - Run 1 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\thomas\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.64% Memory free 3.98 Gb Paging File | 2.95 Gb Available in Paging File | 74.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 289.31 Gb Total Space | 179.76 Gb Free Space | 62.13% Space Free | Partition Type: NTFS Drive D: | 8.78 Gb Total Space | 0.81 Gb Free Space | 9.20% Space Free | Partition Type: NTFS Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/13 19:05:59 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe PRC - [2012/01/06 17:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) 
-- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe PRC - [2011/06/22 10:32:34 | 004,837,808 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe PRC - [2010/12/21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/25 17:54:58 | 001,724,416 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111v2.exe PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe ========== Modules (No Company Name) ========== MOD - [2012/02/17 04:28:25 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b6b9eeba0eaffb7691e9fd06c4f3dd10\System.ServiceModel.Routing.ni.dll MOD - [2012/02/17 04:28:24 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26150ab602b494d300ae488f81dbef9b\System.ServiceModel.Discovery.ni.dll MOD - [2012/02/17 04:28:22 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\361744396ee71dcc435c93226a8a6754\System.ServiceModel.Channels.ni.dll MOD - [2012/02/17 04:28:20 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4d1a64fc317c7d5de7321ef42d9443aa\System.ServiceModel.Activities.ni.dll MOD - [2012/02/17 
04:28:08 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b711fe4f8f23da12b205be1d231d4e2e\System.ServiceModel.ni.dll MOD - [2012/02/17 04:26:57 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38b6bf7d0ee6cea88d785e52e991627c\System.IdentityModel.ni.dll MOD - [2012/02/17 04:23:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll MOD - [2012/02/17 04:23:23 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll MOD - [2012/02/17 04:23:22 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll MOD - [2012/02/17 04:23:17 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll MOD - [2012/02/17 04:23:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll MOD - [2012/02/17 04:09:17 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll MOD - [2012/02/17 04:08:53 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll MOD - [2012/02/17 04:08:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll MOD - [2012/02/17 04:08:47 | 011,450,880 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll MOD - [2012/02/17 04:08:43 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll MOD - [2012/02/17 04:08:31 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll MOD - [2012/02/17 04:08:29 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll MOD - [2012/02/17 04:08:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll MOD - [2012/02/17 04:08:19 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll MOD - [2012/02/17 04:08:19 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll MOD - [2012/02/17 04:08:15 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll MOD - [2011/10/14 03:07:36 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (IDVaultSvc) SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- 
| M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service) SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MBAMSwissArmy) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp) DRV - [2012/03/09 17:33:47 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120313.002\NAVEX15.SYS -- (NAVEX15) DRV - [2012/03/09 17:33:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/03/09 17:33:46 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120313.002\NAVENG.SYS -- (NAVENG) DRV - [2012/03/02 19:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001_fb5\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/02/04 10:06:37 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/12/15 19:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120313.001\IDSvix86.sys -- (IDSVix86) DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN) DRV - [2011/05/17 21:51:42 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv) DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP) DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA) DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec 
Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS) DRV - [2010/11/22 09:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X6XSEx.sys -- (X6XSEx) DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON) DRV - [2009/01/13 10:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2) DRV - [2008/10/01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP) DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50) DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50) DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-05-2011 IE - HKLM\..\SearchScopes\{59978E0A-1C53-4D9A-A67F-D1473F7643AB}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKLM\..\SearchScopes\{A1170105-04F3-4615-8626-95D3A4FCDED9}: "URL" = http://search.live.c...#38;FORM=HVDUS7 IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=BNHP IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-05-2011 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{59978E0A-1C53-4D9A-A67F-D1473F7643AB}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SUNA_en IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{A1170105-04F3-4615-8626-95D3A4FCDED9}: "URL" = http://search.live.c...#38;FORM=HVDUS7 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680 IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.5.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) 
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/03/09 20:25:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/03/13 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/05/19 13:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions [2009/01/05 14:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2009/01/05 14:15:47 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not found O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) 
O4 - Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - 
HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: internet ([]about in Internet) O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B2B4F7-0518-4ACF-8183-A99769F3C3E1}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/04/23 19:59:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{43bac658-fd09-11db-9ae5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{43bac658-fd09-11db-9ae5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{63173718-8890-11dd-b7dc-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{63173718-8890-11dd-b7dc-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{9c58817a-d772-11dd-9dec-00038a000015}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/13 19:05:59 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe [2012/03/13 18:47:45 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\unhide.exe [2012/03/13 18:44:18 | 000,881,568 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\FixExec.scr 
[2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B
[2012/03/06 00:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(753)
[2012/03/06 00:10:48 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\New Folder (3)
[2012/02/22 16:14:43 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\Scansoft
[2012/02/21 12:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/02/21 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\Nuance
[2012/02/21 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 10.0
[2012/02/21 12:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/02/21 12:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/02/21 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2012/02/21 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/02/21 12:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/02/16 07:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

========== Files - Modified Within 30 Days ==========

[2012/03/13 19:16:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/13 19:16:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/13 19:10:59 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/03/13 19:09:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 19:09:19 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 19:09:19 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 19:09:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 19:09:11 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 19:05:59 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe
[2012/03/13 18:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 18:47:45 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\unhide.exe
[2012/03/13 18:44:18 | 000,881,568 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\FixExec.scr
[2012/03/13 06:49:27 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/03/11 14:59:09 | 000,015,490 | ---- | M] () -- C:\Users\thomas\Desktop\Message01.jpg
[2012/03/09 17:32:54 | 000,007,728 | ---- | M] () -- C:\Users\thomas\AppData\Local\d3d9caps.dat
[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA
[2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA
[2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr
[2012/03/05 07:54:09 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/03/03 16:17:07 | 000,001,099 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/02 02:00:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2012/02/26 14:26:42 | 000,108,280 | ---- | M] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf2.pdf
[2012/02/24 08:48:59 | 000,057,344 | ---- | M] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
[2012/02/21 12:48:24 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2012/02/17 12:44:20 | 000,761,933 | ---- | M] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf
[2012/02/17 12:43:28 | 000,761,933 | ---- | M] () -- C:\Users\thomas\Documents\MCR-PrintableCoupon-.pdf
[2012/02/17 05:07:54 | 000,392,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/13 14:50:04 | 010,468,138 | ---- | M] () -- C:\Users\thomas\Documents\1984 rollback.pdf

========== Files Created - No Company Name ==========

[2012/03/11 14:59:09 | 000,015,490 | ---- | C] () -- C:\Users\thomas\Desktop\Message01.jpg
[2012/03/08 21:00:43 | 2011,750,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/05 21:28:23 | 000,000,296 | ---- | C] () -- C:\ProgramData\~ax1bQt93JxKdtA
[2012/03/05 21:28:23 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ax1bQt93JxKdtAr
[2012/03/05 21:26:39 | 000,000,456 | ---- | C] () -- C:\ProgramData\ax1bQt93JxKdtA
[2012/03/03 16:17:07 | 000,001,099 | ---- | C] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/02/26 14:26:42 | 000,108,280 | ---- | C] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf2.pdf
[2012/02/21 15:59:18 | 000,002,394 | ---- | C] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
[2012/02/21 15:58:39 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2012/02/21 15:58:38 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/02/21 15:58:33 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/02/21 12:48:24 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2012/02/17 12:44:20 | 000,761,933 | ---- | C] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf
[2012/02/17 12:43:28 | 000,761,933 | ---- | C] () -- C:\Users\thomas\Documents\MCR-PrintableCoupon-.pdf
[2012/02/13 14:50:04 | 010,468,138 | ---- | C] () -- C:\Users\thomas\Documents\1984 rollback.pdf
[2011/11/05 18:45:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/03 22:45:56 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

========== LOP Check ==========

[2011/05/13 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Artogon
[2011/11/05 18:55:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Exent Technologies
[2008/12/15 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Eyeblaster
[2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire
[2012/01/25 11:03:38 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\GARMIN
[2011/05/17 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ID Vault
[2012/01/11 11:28:57 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Image Zone Express
[2012/03/09 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\IrfanView
[2011/11/05 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\iWin
[2012/02/21 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Nuance
[2012/03/11 15:03:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Oberon Media
[2007/08/31 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\PlayFirst
[2007/09/19 12:13:39 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Pogo Games
[2011/09/30 09:50:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Printer Info Cache
[2012/03/09 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SmartDraw
[2007/08/20 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Snapfish
[2012/03/09 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SpinTop
[2007/08/30 10:49:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Template
[2009/01/05 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\TomTom
[2007/08/22 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WildTangent
[2008/02/14 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WinBatch
[2012/03/05 07:54:09 | 000,000,492 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/03/02 02:00:10 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
[2012/03/13 06:49:27 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2012/03/13 19:07:52 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/13 19:10:59 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E49FC3A5
@Alternate Data Stream - 64 bytes -> C:\Users\thomas\Desktop\Left Behind (Chrysler Documentary).mp4:TOC.WMV
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:21F28B00
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E13861A5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:6122E243
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:1A6AFE3D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B9436876
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DE73B0FE

< End of report >

Extras.txt:

OTL Extras logfile created on: 3/13/2012 7:13:36 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.64% Memory free
3.98 Gb Paging File | 2.95 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.31 Gb Total Space | 179.76 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.81 Gb Free Space | 9.20% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1011A76D-D0CC-4E9D-B359-70DDCDE7A163}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{27915E9A-324B-4936-9D6C-A3A5A6DBB7BF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{3AAE5919-B2A6-4F25-B812-4C215D07B519}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{3B2372D9-29EF-43B4-803E-F2A92841C91E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{5143A5EB-B93B-4AC8-A003-27CAA730B8F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5F226FF5-C484-4B42-B8A4-E34CBC415BE0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{6F516B90-4B59-426A-86BC-E6B2E23AC2DB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{7F424EB3-CF93-4F6B-9EC4-0B0246891AB9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{8A006B8C-4065-4BD9-AA8E-E8544264BDB0}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe | "{980B2E91-C1DE-4999-9DA7-F3F257FDE237}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{B6B6651C-24E9-4464-969C-697CBD951555}" = 
protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B9062737-8779-480F-AA66-4C7525322D1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{BFDE7E44-ECCD-463A-AB81-F8A598627023}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{C7A23DE1-CA04-4E42-9039-0D357345EFA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{CE612C43-25AD-46CC-BFC9-0247BE8E59F1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{D8FBBE42-F01C-48BF-8697-FD3C24554FAB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "TCP Query User{A1A86943-9836-47C6-A3DA-49B31B3656C2}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | "UDP Query User{61398DA5-182F-4E6C-A81D-DE73F2E6C325}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = 
HP Deskjet All-In-One Software 8.0 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking "{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0 "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110542703}" = Word Whomp To Go "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5 "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9 "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = 
UnloadSupport "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect "{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin "28e03a3aab8b0978c17af3afdc47a6ee" = Treasure Seekers The Enchanted Canvases "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) "A_Free_Ride_Games_Bar Toolbar" = A Free Ride Games Bar Toolbar "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "conduitEngine" = Conduit Engine "Coupon Printer for Windows2.0" = Coupon Printer for Windows "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "Easy Chef 1,000,000 Recipes" = Easy Chef 1,000,000 Recipes "FLVplayer" = FLV Player "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Photosmart Essential" = HP Photosmart Essential 2.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2 "IrfanView" = IrfanView (remove only) "LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) "Malwarebytes' Anti-Malware_is1" 
= Malwarebytes' Anti-Malware version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Moraff's_Maximum_Mahjongg_1.0" = Moraff's Maximum MahJongg 1.0 "N360" = Norton Security Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "RealPlayer 6.0" = RealPlayer "Rhapsody" = Rhapsody "Sandlot Games Client Services_is1" = Sandlot Games Client Services "Shop for HP Supplies" = Shop for HP Supplies "Snood 4_is1" = Snood 4 "SoftwareUpdUtility" = Download Updater (AOL LLC) "Super Text Twist Free Trial_is1" = Super Text Twist Free Trial "Text Twist" = Text Twist "TomTom HOME" = TomTom HOME 2.5.2.60 "UPCShell" = LeapFrog Connect "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.9 "Wheel of Fortune 2" = Wheel of Fortune 2 (remove only) "WildTangent hpdesktop Master Uninstall" = My HP Games "Yahoo! Companion" = Yahoo! 
Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2007" = SmartDraw 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2012 9:40:58 PM | Computer Name = thomas-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/8/2012 8:56:46 PM | Computer Name = thomas-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/8/2012 11:18:54 PM | Computer Name = thomas-PC | Source = IDVault | ID = 0
Description = IsIDVaultAlreadyRunning failed Only part of a ReadProcessMemory or WriteProcessMemory request was completed at System.Diagnostics.NtProcessManager.GetModuleInfos(Int32 processId, Boolean firstModuleOnly) at System.Diagnostics.NtProcessManager.GetFirstModuleInfo(Int32 processId) at System.Diagnostics.Process.get_MainModule() at (Object ) at ? .? . ()

Error - 3/8/2012 11:20:12 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 12:13:55 AM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 12:19:17 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 5:33:53 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/12/2012 1:56:02 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1764 Start Time: 01cd0065eb461709 Termination Time: 647

Error - 3/12/2012 7:24:07 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: f70 Start Time: 01cd007870951d49 Termination Time: 189

Error - 3/12/2012 7:24:39 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1344 Start Time: 01cd00a738a611d9 Termination Time: 18

[ Media Center Events ]
Error - 9/24/2009 5:30:02 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:48:51 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/24/2010 8:39:55 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ] Error - 3/13/2012 6:23:26 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 6:23:58 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 6:37:23 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/13/2012 7:10:58 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > FixExec.txt: FixExec by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about FixExec can be found at this link: http://www.bleepingc...ilities/fixexec Program started at: 03/13/2012 06:45:15 PM in x86 mode. Windows Version: Windows Vista Checking for processes to terminate before fixing executable associations. * No processes found to kill. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. * HKCU\SOFTWARE\Classes\.exe\\@ exists and is set to F4D56! * HKCU\SOFTWARE\Classes\.exe has been deleted! * HKCU\SOFTWARE\Classes\F4D56 has been deleted! * HKCU\SOFTWARE\Classes\.bat\\@ exists and is set to batfile! * HKCU\SOFTWARE\Classes\.bat has been deleted! 
* HKCU\SOFTWARE\Classes\.com\\@ exists and is set to comfile! * HKCU\SOFTWARE\Classes\.com has been deleted! Program finished at: 03/13/2012 06:46:43 PM Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)
  15. Hey Maniac, I was able to uninstall these two items: Games.com Toolbar GamesBar 2.0.1.81 The other two: Conduit Engine A Free Ride Games Bar Toolbar are still listed after running the uninstallers. Here are the issues we are getting now: I'm getting a pop-up message on boot-up about not being able to load or run a file listed in the registry. I've attached a screen shot of this message here. He has something called "Constant Guard Protection Suite" installed. This is part of a package provided by his ISP. Upon boot up we are getting a "Protection Suite Error" message that says an unexpected error occurred and the software will restart, but when we dismiss the box it simply returns. We cannot start the software manually via the desktop icon. File associations for executable files (.exe) seem to be missing. For example, clicking on the shortcut for Internet Explorer brings up a dialog box asking what program the file (iexplore.exe) should be opened with. In order to run an executable you must right click and choose run as... Originally all of the files and shortcuts on the desktop were missing. I was able to "show hidden files", select the hidden files and unhide them. (This was before my original post.) Currently, all of the favorites are missing from IE and I'm not sure if we will discover other missing items in the future. I read something about "unhide.exe" while checking out the Chameleon page and I wasn't sure if that would be something we would want to run eventually.