namida12

Vista system in a mess - Help

126 posts in this topic

I ran Malwarebytes, and also removed some software on this system, and after shutdown the system recover ran for 6 hours before it would boot again.

Something, or several malware programs now can not be removed, or have changed the sytem am kinda afraid to clean girlfriend's older system...

Please someone help me clean it so it can be used for her bowling league recording without rogue software popping up or under every few minutes and blocking the screen.

JR

Attach-01.txt

DDS.txt

Share this post


Link to post
Share on other sites

Hello namida12 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Share this post


Link to post
Share on other sites

D-Fred-Brown,

I have been running combofix for about 7 hours, the hard drive light is blinking on and off but last message in screen is a blinking cursor after the deleting folders:

Is this normal, well possible as the mess this computer seems to be in is not normal in my opinion? Or has ComboFix stalled with all the work it must perform?

JR:

Share this post


Link to post
Share on other sites

It may have stalled. Try rebooting the computer and running it again.

Share this post


Link to post
Share on other sites

Shut machine off, was worried it might not restart, let it cool down for an hour, then booted system, with fingers crossed, and the several malware products started:

Sendori

Optimizer Pro

24/7 Help

It appears PC SpeedFix has died, or failed to start this time...

A pop up for Optimizer Pro has appears several time during the completed stage 32 & 32A of combofix. I closed the popup windows as they appeared.

JR

Share this post


Link to post
Share on other sites

I was able to run Combofix in safe mode and get report generated by booting into safe mode.but I can not find combofix/uninstall as described on the referenced page. My understanding that uninstalling get rid of the guaranteed files along with the software.

This has been difficult getting this done after combofix would not run in normal mode...

Starting after all the scans I still have these unwanted programs:

Sendori <--Using more than 70% of of installed memory (2Gigs)

Optimizer Pro

24/7

Web Crawler

Site Ranker

PCFixSpeed

Inbox Tool

Also I have a coupon pop up on every webpage I open including malwarbytes.org

There may be other software I do not need...

JR

TDSSKiller-log-I-Can-not-find.txt

mbar-log-2013-05-31 (21-32-59).txt

Combofix-log.txt

checkup.txt

Share this post


Link to post
Share on other sites
I was able to run Combofix in safe mode and get report generated by booting into safe mode.but I can not find combofix/uninstall as described on the referenced page. My understanding that uninstalling get rid of the guaranteed files along with the software.

Don't worry about uninstalling it for now. We'll uninstall it when you're clean, but for now, we really need to use it.

----------------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\windows\system32\Sendori.dll

Folder::

c:\program files\Sendori

c:\program files\Optimizer Pro

c:\users\Dot B\AppData\Roaming\Optimizer Pro

c:\program files\24x7Help

c:\program files\CrawlerToolbar

c:\program files\Crawler Toolbar

c:\program files\SiteRanker

c:\program files\PC Health Kit

c:\users\Dot B\AppData\Roaming\PC Health Kit

c:\program files\PCFixSpeed

c:\users\Dot B\AppData\Roaming\PCFixSpeed

c:\program files\Inbox Toolbar

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Share this post


Link to post
Share on other sites

Will I need to run this in safe mode, as that was the only way i could get Combofix to work and produce a report?

Seems like something interferes with Combofix operation running in Vista normal mode?

JR

Share this post


Link to post
Share on other sites

If it doesn't run in Normal Mode, try Safe Mode.

Share this post


Link to post
Share on other sites

Well the system took forever to boot. After performing this procedure in safe mode, would not run in normal mode

Then rapidly a number of warnings flashed on and off screen something about limited users failed to open, host file not working.

I thought I had wired internet access...

I opened dos window CMD typed Ipconfig and it appears I do not have a connection. This system was using an expired Network magic setup, but opening the folder there is nothing inside the folder. I have no idea how to set up vista internet connections...

Internet Explore fails to open,

Firefox opens small to search.conduit.com/ctid.=CT3298566 Also there is a sweetpack tool bar, but there was no incon previously for firefox on desktop or quick launch that i remember.

Google Chrome opens to www.google.com <--has an error 137 (net::err_Name_Resolution_Failed) unknown error

JR

Combofix-new-log.txt

Share this post


Link to post
Share on other sites

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:

    [*]Save it to your desktop.

    [*]Double click on the otlicon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Change the "Extra Registry" option to "SafeList"

    [*]Push the runscan.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Share this post


Link to post
Share on other sites

<p>I downloaded the file and moved it to the GF Vista System, and then copied the files Txt files to this system to post...</p>

<p> </p>

<p> </p>

<div>OTL logfile created on: 6/2/2013 11:43:42 AM - Run 1</div>

<div>OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dot B\Desktop</div>

<div>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 9.0.8112.16421)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>1.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.84% Memory free</div>

<div>4.11 Gb Paging File | 3.15 Gb Available in Paging File | 76.69% Paging File free</div>

<div>Paging file location(s): ?:\pagefile.sys [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 220.97 Gb Total Space | 132.00 Gb Free Space | 59.74% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 11.91 Gb Total Space | 1.84 Gb Free Space | 15.41% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: DOTB-PC | User Name: Dot B | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Processes (SafeList) ==========</div>

<div> </div>

<div>PRC - [2013/06/02 11:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dot B\Desktop\OTL.exe</div>

<div>PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</div>

<div>PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Dot B\AppData\Roaming\SearchProtect\bin\cltmng.exe</div>

<div>PRC - [2013/04/11 07:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe</div>

<div>PRC - [2013/04/09 11:39:37 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe</div>

<div>PRC - [2013/03/28 07:12:36 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe</div>

<div>PRC - [2013/03/22 18:56:36 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Dot B\AppData\Roaming\Yontoo\YontooDesktop.exe</div>

<div>PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe</div>

<div>PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe</div>

<div>PRC - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe</div>

<div>PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe</div>

<div>PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe</div>

<div>PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe</div>

<div>PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe</div>

<div>PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe</div>

<div>PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe</div>

<div>PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe</div>

<div>PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe</div>

<div>PRC - [2008/01/19 00:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe</div>

<div>PRC - [2007/09/15 01:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe</div>

<div> </div>

<div> </div>

<div>========== Modules (No Company Name) ==========</div>

<div> </div>

<div>MOD - [2013/05/23 19:39:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll</div>

<div>MOD - [2013/05/23 18:55:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll</div>

<div>MOD - [2013/01/12 19:33:32 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll</div>

<div>MOD - [2013/01/12 19:32:58 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll</div>

<div>MOD - [2013/01/12 19:31:14 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll</div>

<div>MOD - [2013/01/12 19:31:00 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll</div>

<div>MOD - [2012/10/05 03:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll</div>

<div>MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</div>

<div>MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</div>

<div>MOD - [2009/03/29 21:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll</div>

<div>MOD - [2009/03/29 21:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll</div>

<div>MOD - [2007/09/30 20:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll</div>

<div>MOD - [2007/09/30 20:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll</div>

<div>MOD - [2007/09/30 20:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll</div>

<div>MOD - [2007/09/30 20:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll</div>

<div>MOD - [2007/09/30 20:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll</div>

<div> </div>

<div> </div>

<div>========== Services (SafeList) ==========</div>

<div> </div>

<div>SRV - File not found [Auto | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\Dot B\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)</div>

<div>SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)</div>

<div>SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)</div>

<div>SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)</div>

<div>SRV - [2013/05/31 16:51:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)</div>

<div>SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</div>

<div>SRV - [2013/04/11 07:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)</div>

<div>SRV - [2013/03/28 07:12:36 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)</div>

<div>SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)</div>

<div>SRV - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)</div>

<div>SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)</div>

<div>SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)</div>

<div>SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)</div>

<div>SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)</div>

<div>SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)</div>

<div>SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)</div>

<div>SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)</div>

<div>SRV - [2008/01/19 00:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)</div>

<div>SRV - [2008/01/19 00:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)</div>

<div>SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)</div>

<div> </div>

<div> </div>

<div>========== Driver Services (SafeList) ==========</div>

<div> </div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)</div>

<div>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)</div>

<div>DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)</div>

<div>DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)</div>

<div>DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)</div>

<div>DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)</div>

<div>DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)</div>

<div>DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)</div>

<div>DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)</div>

<div>DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)</div>

<div>DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)</div>

<div>DRV - [2012/03/09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)</div>

<div>DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)</div>

<div>DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)</div>

<div>DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)</div>

<div>DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)</div>

<div>DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)</div>

<div>DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)</div>

<div>DRV - [2007/05/30 16:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)</div>

<div>DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)</div>

<div>DRV - [2007/03/06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)</div>

<div>DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)</div>

<div>DRV - [2007/02/16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)</div>

<div>DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)</div>

<div>DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)</div>

<div>DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)</div>

<div> </div>

<div> </div>

<div>========== Standard Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== Internet Explorer ==========</div>

<div> </div>

<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={1FDF5E79-A155-11E2-A299-00038A000015}</div>

<div>IE - HKLM\..\URLSearchHook: {e37a45b1-e436-4eb4-b26e-d8dfc5a03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)</div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = {4D7741C1-34E0-41AF-8CBB-1CEF6471B50B}</div>

<div>IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002R0us&ptb=F97EF05F-AB43-4D19-8D05-357FDB13AEBA&psa=&ind=2011092421&ptnrS=YKxdm002R0us&si=CJOU_deht6sCFRpggwodmQ2efw&st=sb&n=77ded5c5&searchfor={searchTerms}</div>

<div>IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={1FDF5E79-A155-11E2-A299-00038A000015}</div>

<div>IE - HKLM\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd</div>

<div> </div>

<div> </div>

<div>IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found</div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found</div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div> </div>

<div> </div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN49307508318303194&UM=2&UP=SP334D60CC-BF8C-4C77-A304-FE7D35C941A7</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\InprocServer32 File not found</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\URLSearchHook: {e37a45b1-e436-4eb4-b26e-d8dfc5a03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes,DefaultScope = {4D7741C1-34E0-41AF-8CBB-1CEF6471B50B}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{1016F1D0-2E93-C395-B0B0-3D79E197011C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z002&form=ZGAIDF</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=X-SD&o=13959&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=SV&apn_dtid=YYYYYYYYUS&apn_uid=E97C7D64-D556-4BF6-8840-E88F8611CEFF&apn_sauid=25F76F55-82A5-4AE5-B437-134E6F3E6C59</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60688</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{36CC2D80-F33F-41B3-A36E-8C353087E7AD}: "URL" = http://delicious.com/search?p={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{3949D2E7-5910-475E-B613-4D87E683CD71}: "URL" = http://search.live.com/results.aspx?FORM=SOLTDF&q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{45291254-2C7E-4B2C-97B8-150FEEAB1B25}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3283894&SearchSource=45&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{4CC024C7-B1FD-49D8-8B15-CCFC8953E2CE}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{4D7741C1-34E0-41AF-8CBB-1CEF6471B50B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN49307508318303194&UM=2</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{5AA0FB2F-45B5-4b28-8E51-261F7382C1A8}: "URL" = http://search.iyogi.com/search.html?hl=en&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=10003&lng=en</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{BE5A5A5B-ED7E-4ECA-A113-56682457D5C7}: "URL" = http://www.flickr.com/search/?q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80291&lng=en</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002R0us&ptb=F97EF05F-AB43-4D19-8D05-357FDB13AEBA&psa=&ind=2011092421&ptnrS=YKxdm002R0us&si=CJOU_deht6sCFRpggwodmQ2efw&st=sb&n=77ded5c5&searchfor={searchTerms}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={1FDF5E79-A155-11E2-A299-00038A000015}</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local</div>

<div> </div>

<div>========== FireFox ==========</div>

<div> </div>

<div>FF - prefs.js..CT3298566.browser.search.defaultthis.engineName: "true"</div>

<div>FF - prefs.js..browser.search.defaultenginename: "Bing"</div>

<div>FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V30 Customized Web Search"</div>

<div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN42361493752100910&UM=2&SearchSource=3&q={searchTerms}"</div>

<div>FF - prefs.js..browser.search.selectedEngine: "MixiDJ V30 Customized Web Search"</div>

<div>FF - prefs.js..browser.search.useDBForOrder: true</div>

<div>FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN42361493752100910&UM=2&UP=SP334D60CC-BF8C-4C77-A304-FE7D35C941A7"</div>

<div>FF - prefs.js..extensions.enabledAddons: crossriderapp19962@crossrider.com:0.91.47</div>

<div>FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0</div>

<div>FF - prefs.js..extensions.enabledAddons: {DAC3F861-B30D-40dd-9166-F4E75327FAC7}:1.3.1</div>

<div>FF - prefs.js..extensions.enabledAddons: 9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com:0.89.6</div>

<div>FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02</div>

<div>FF - prefs.js..extensions.enabledAddons: {1122b43d-30ee-403f-9bfa-3cc99b0caddd}:10.15.2.23</div>

<div>FF - prefs.js..extensions.enabledAddons: {7D5D7D98-CBDE-486A-9A12-1EE9F78F0A23}:1.5</div>

<div>FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.4</div>

<div>FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.26</div>

<div>FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN42361493752100910&UM=2&q="</div>

<div>FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "iYogi"</div>

<div>FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Crawler Search"</div>

<div>FF - prefs.js..browser.startup.homepage: "http://search.iyogi.com/"</div>

<div> </div>

<div> </div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)</div>

<div>FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div> </div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/06 11:28:47 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/09 11:41:21 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/22 14:32:52 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 21:48:41 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/22 16:05:11 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/06 11:28:47 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/03/28 07:12:36 | 000,037,909 | ---- | M] ()</div>

<div> </div>

<div>[2011/11/09 21:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Extensions</div>

<div>[2013/05/24 20:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions</div>

<div>[2013/04/28 22:41:01 | 000,000,000 | ---D | M] (MixiDJ V30) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}</div>

<div>[2013/04/21 18:20:43 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\{7D5D7D98-CBDE-486A-9A12-1EE9F78F0A23}</div>

<div>[2013/04/28 22:42:55 | 000,000,000 | ---D | M] ("Solid Savings") -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com</div>

<div>[2013/04/09 13:36:50 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\crossriderapp19962@crossrider.com</div>

<div>[2013/04/16 16:06:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\plugin@yontoo.com</div>

<div>[2013/04/28 22:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com\chrome\content\extensionCode</div>

<div>[2013/04/09 13:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode</div>

<div>[2013/05/24 20:43:57 | 000,029,603 | ---- | M] () (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\addon@defaulttab.com.xpi</div>

<div>[2013/04/09 13:37:44 | 000,195,574 | ---- | M] () (No name found) -- C:\Users\Dot B\AppData\Roaming\Mozilla\Firefox\Profiles\owagrwoz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi</div>

<div>[2013/05/31 20:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</div>

<div>[2013/03/28 07:12:36 | 000,037,909 | ---- | M] () (No name found) -- C:\PROGRAM FILES\WAJAM\FIREFOX\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI</div>

<div>[2013/04/09 11:41:21 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT</div>

<div>[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</div>

<div>[2013/04/09 11:39:49 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll</div>

<div>[2013/05/31 15:29:49 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml</div>

<div>[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</div>

<div>[2012/09/04 04:51:22 | 000,032,938 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iYogi.xml</div>

<div>[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</div>

<div> </div>

<div>========== Chrome  ==========</div>

<div> </div>

<div>CHR - default_search_provider: Google (Enabled)</div>

<div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</div>

<div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</div>

<div>CHR - homepage: http://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN33922327711491257&UM=2</div>

<div>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</div>

<div>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll</div>

<div>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll</div>

<div>CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll</div>

<div>CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll</div>

<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll</div>

<div>CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll</div>

<div>CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll</div>

<div>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div>

<div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div>

<div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div>

<div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div>

<div>CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll</div>

<div>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</div>

<div>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</div>

<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div>

<div>CHR - Extension: Selection Links = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkijocidoeahgdcnahfkmhfagmnebcjf\4.3_0\</div>

<div>CHR - Extension: YouTube = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\</div>

<div>CHR - Extension: Solid Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\crossrider</div>

<div>CHR - Extension: Solid Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\</div>

<div>CHR - Extension: Google Search = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\</div>

<div>CHR - Extension: ShopAtHome.com extension = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.0_0\</div>

<div>CHR - Extension: MixiDJ V30 = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.16.1.521_0\</div>

<div>CHR - Extension: RealDownloader = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\</div>

<div>CHR - Extension: Supreme Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\crossrider</div>

<div>CHR - Extension: Supreme Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\</div>

<div>CHR - Extension: Wajam = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\</div>

<div>CHR - Extension: Skype Click to Call = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\</div>

<div>CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\</div>

<div>CHR - Extension: QuotationCafe = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohiikdfklbnjahmhhfpckohidgaoplja\4.67.1.22125_0\</div>

<div>CHR - Extension: Gmail = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</div>

<div>CHR - Extension: InternetHelper3 = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp\10.16.1.521_0\</div>

<div>CHR - Extension: Selection Links = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkijocidoeahgdcnahfkmhfagmnebcjf\4.3_0\</div>

<div>CHR - Extension: YouTube = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\</div>

<div>CHR - Extension: Solid Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\crossrider</div>

<div>CHR - Extension: Solid Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\</div>

<div>CHR - Extension: Google Search = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\</div>

<div>CHR - Extension: ShopAtHome.com extension = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.0_0\</div>

<div>CHR - Extension: MixiDJ V30 = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.16.1.521_0\</div>

<div>CHR - Extension: RealDownloader = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\</div>

<div>CHR - Extension: Supreme Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\crossrider</div>

<div>CHR - Extension: Supreme Savings = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\</div>

<div>CHR - Extension: Wajam = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\</div>

<div>CHR - Extension: Skype Click to Call = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\</div>

<div>CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\</div>

<div>CHR - Extension: QuotationCafe = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohiikdfklbnjahmhhfpckohidgaoplja\4.67.1.22125_0\</div>

<div>CHR - Extension: Gmail = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</div>

<div>CHR - Extension: InternetHelper3 = C:\Users\Dot B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp\10.16.1.521_0\</div>

<div> </div>

<div>O1 HOSTS File: ([2013/06/01 21:26:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.</div>

<div>O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)</div>

<div>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found</div>

<div>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div>

<div>O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)</div>

<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)</div>

<div>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)</div>

<div>O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found</div>

<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Radio Masha 2.1 Toolbar) - {e37a45b1-e436-4eb4-b26e-d8dfc5a03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)</div>

<div>O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.</div>

<div>O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.</div>

<div>O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found</div>

<div>O3 - HKLM\..\Toolbar: (Radio Masha 2.1 Toolbar) - {e37a45b1-e436-4eb4-b26e-d8dfc5a03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)</div>

<div>O3 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</div>

<div>O3 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.</div>

<div>O3 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.</div>

<div>O3 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found</div>

<div>O3 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\Toolbar\WebBrowser: (Radio Masha 2.1 Toolbar) - {E37A45B1-E436-4EB4-B26E-D8DFC5A03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)</div>

<div>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</div>

<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)</div>

<div>O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)</div>

<div>O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)</div>

<div>O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)</div>

<div>O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)</div>

<div>O4 - HKLM..\Run: [searchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)</div>

<div>O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)</div>

<div>O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)</div>

<div>O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)</div>

<div>O4 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000..\Run: [searchProtect] C:\Users\Dot B\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)</div>

<div>O4 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000..\Run: [Yontoo Desktop] C:\Users\Dot B\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)</div>

<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found</div>

<div>O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found</div>

<div>O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found</div>

<div>O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found</div>

<div>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</div>

<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)</div>

<div>O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)</div>

<div>O15 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..Trusted Domains: plaxo.com ([www] https in Trusted sites)</div>

<div>O15 - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..Trusted Ranges: Range1 ([http] in Local intranet)</div>

<div>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43635972-4475-46BA-A148-2D055D76039B}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43635972-4475-46BA-A148-2D055D76039B}: NameServer = 68.105.28.12,68.105.29.12,68.105.28.11</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2AAE0BD-2B59-4F0B-BA65-ADC3A504F9E5}: DhcpNameServer = 192.168.10.1</div>

<div>O18 - Protocol\Handler\crawler {4545C96B-15D0-4E22-8DDE-6F2CAF531281} - C:\PROGRA~1\CRAWLE~1\Crawler.dll File not found</div>

<div>O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found</div>

<div>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found</div>

<div>O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)</div>

<div>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</div>

<div>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2007/10/23 00:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</div>

<div>O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2013/06/02 11:33:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dot B\Desktop\OTL.exe</div>

<div>[2013/06/01 21:33:59 | 000,000,000 | ---D | C] -- C:\Users\Dot B\AppData\Local\temp</div>

<div>[2013/06/01 21:27:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN</div>

<div>[2013/06/01 12:59:53 | 000,000,000 | ---D | C] -- C:\Windows\temp</div>

<div>[2013/05/31 22:15:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe</div>

<div>[2013/05/31 22:15:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</div>

<div>[2013/05/31 22:15:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</div>

<div>[2013/05/31 22:14:40 | 000,000,000 | ---D | C] -- C:\Qoobox</div>

<div>[2013/05/31 22:13:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt</div>

<div>[2013/05/31 22:12:08 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\Dot B\Desktop\ComboFix.exe</div>

<div>[2013/05/31 21:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)</div>

<div>[2013/05/31 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</div>

<div>[2013/05/31 20:37:08 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe</div>

<div>[2013/05/31 20:36:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe</div>

<div>[2013/05/31 20:36:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe</div>

<div>[2013/05/31 20:36:52 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll</div>

<div>[2013/05/31 16:51:07 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe</div>

<div>[2013/05/31 16:28:00 | 000,000,000 | ---D | C] -- C:\Config.Msi</div>

<div>[2013/05/31 16:13:06 | 000,000,000 | ---D | C] -- C:\Users\Dot B\Desktop\JR - Cleaning tools</div>

<div>[2013/05/23 08:11:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</div>

<div>[2013/05/23 07:52:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</div>

<div>[2013/05/23 07:52:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe</div>

<div>[2013/05/23 07:52:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</div>

<div>[2013/05/23 07:52:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll</div>

<div>[2013/05/23 07:52:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</div>

<div>[2013/05/23 07:52:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll</div>

<div>[2013/05/23 07:52:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl</div>

<div>[2013/05/22 16:18:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll</div>

<div>[2013/05/22 16:17:40 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</div>

<div>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2013/06/02 11:34:36 | 000,615,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div>

<div>[2013/06/02 11:34:36 | 000,109,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div>

<div>[2013/06/02 11:24:57 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini</div>

<div>[2013/06/02 11:24:40 | 000,083,917 | ---- | M] () -- C:\ProgramData\nvModes.001</div>

<div>[2013/06/02 11:20:42 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl</div>

<div>[2013/06/02 11:17:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2013/06/02 11:17:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2013/06/02 11:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div>

<div>[2013/06/02 11:17:36 | 2079,219,712 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2013/06/02 11:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dot B\Desktop\OTL.exe</div>

<div>[2013/06/01 21:26:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts</div>

<div>[2013/06/01 21:06:43 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\Dot B\Desktop\ComboFix.exe</div>

<div>[2013/06/01 20:57:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</div>

<div>[2013/06/01 20:57:06 | 000,083,917 | ---- | M] () -- C:\ProgramData\nvModes.dat</div>

<div>[2013/06/01 20:27:32 | 000,000,000 | ---- | M] () -- C:\END</div>

<div>[2013/06/01 13:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</div>

<div>[2013/06/01 13:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div>

<div>[2013/05/31 20:36:13 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll</div>

<div>[2013/05/31 20:36:10 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll</div>

<div>[2013/05/31 20:36:10 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe</div>

<div>[2013/05/31 20:36:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe</div>

<div>[2013/05/31 20:36:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe</div>

<div>[2013/05/31 20:36:09 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll</div>

<div>[2013/05/31 16:51:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe</div>

<div>[2013/05/31 16:51:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</div>

<div>[2013/05/31 16:51:08 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe</div>

<div>[2013/05/23 18:45:28 | 000,881,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</div>

<div>[2013/05/09 09:35:55 | 000,029,184 | ---- | M] () -- C:\Users\Dot B\Documents\my perfect Labels.wps</div>

<div>[2013/05/09 09:35:55 | 000,001,610 | ---- | M] () -- C:\Users\Dot B\AppData\Roaming\wklnhst.dat</div>

<div>[2013/05/05 20:53:10 | 000,032,256 | ---- | M] () -- C:\Users\Dot B\Documents\Untitled Labels.wps</div>

<div>[2013/05/05 20:53:03 | 000,030,208 | ---- | M] () -- C:\Users\Dot B\Documents\perfect Labels.wps</div>

<div>[2013/05/05 12:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</div>

<div>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2013/06/02 11:17:36 | 2079,219,712 | -HS- | C] () -- C:\hiberfil.sys</div>

<div>[2013/05/31 22:15:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</div>

<div>[2013/05/31 22:15:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</div>

<div>[2013/05/31 22:15:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</div>

<div>[2013/05/31 22:15:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</div>

<div>[2013/05/31 22:15:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</div>

<div>[2013/04/16 16:07:44 | 000,000,258 | RHS- | C] () -- C:\Users\Dot B\ntuser.pol</div>

<div>[2011/09/17 18:47:08 | 000,001,021 | ---- | C] () -- C:\Users\Dot B\PrintMaster-2011-Platinum.prefs</div>

<div>[2011/08/31 16:01:49 | 000,000,000 | ---- | C] () -- C:\Windows\MSREGUSR.INI</div>

<div>[2011/08/06 12:10:32 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp</div>

<div>[2011/08/06 11:14:41 | 000,207,281 | ---- | C] () -- C:\Windows\hpwins28.dat</div>

<div>[2011/06/25 13:12:30 | 000,024,206 | ---- | C] () -- C:\Users\Dot B\AppData\Roaming\UserTile.png</div>

<div>[2011/01/14 18:11:19 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi</div>

<div>[2010/01/29 08:28:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat</div>

<div>[2009/11/10 09:33:01 | 000,001,100 | ---- | C] () -- C:\Users\Dot B\AppData\Local\d3d8caps.dat</div>

<div>[2009/08/03 13:55:35 | 000,001,610 | ---- | C] () -- C:\Users\Dot B\AppData\Roaming\wklnhst.dat</div>

<div>[2009/02/15 20:12:27 | 000,083,917 | ---- | C] () -- C:\ProgramData\nvModes.001</div>

<div>[2009/02/15 20:12:19 | 000,083,917 | ---- | C] () -- C:\ProgramData\nvModes.dat</div>

<div>[2009/01/02 20:38:54 | 000,000,003 | ---- | C] () -- C:\ProgramData\347hfs.dat</div>

<div>[2008/10/16 21:33:10 | 000,007,620 | ---- | C] () -- C:\Users\Dot B\AppData\Local\d3d9caps.dat</div>

<div>[2008/03/28 22:18:42 | 000,025,088 | ---- | C] () -- C:\Users\Dot B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2008/02/01 14:31:32 | 000,027,335 | ---- | C] () -- C:\Users\Dot B\AppData\Roaming\nvModes.001</div>

<div>[2008/02/01 14:22:00 | 000,027,335 | ---- | C] () -- C:\Users\Dot B\AppData\Roaming\nvModes.dat</div>

<div> </div>

<div>========== ZeroAccess Check ==========</div>

<div> </div>

<div>[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Both</div>

<div> </div>

<div>========== Alternate Data Streams ==========</div>

<div> </div>

<div>@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D346F792</div>

<div>@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720</div>

<div>@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:46A173D9</div>

<div> </div>

<div>< End of report ></div>

<div> </div>

Share this post


Link to post
Share on other sites

<p>File was to long had to do second posting:</p>

<p> </p>

<div>OTL Extras logfile created on: 6/2/2013 11:43:42 AM - Run 1</div>

<div>OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dot B\Desktop</div>

<div>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 9.0.8112.16421)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>1.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.84% Memory free</div>

<div>4.11 Gb Paging File | 3.15 Gb Available in Paging File | 76.69% Paging File free</div>

<div>Paging file location(s): ?:\pagefile.sys [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 220.97 Gb Total Space | 132.00 Gb Free Space | 59.74% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 11.91 Gb Total Space | 1.84 Gb Free Space | 15.41% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: DOTB-PC | User Name: Dot B | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Extra Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== File Associations ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</div>

<div>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*</div>

<div>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</div>

<div>.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)</div>

<div> </div>

<div>[HKEY_USERS\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Classes\<extension>]</div>

<div>.html [@ = ChromeHTML] -- Reg Error: Key error. File not found</div>

<div> </div>

<div>========== Shell Spawning ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</div>

<div>batfile [open] -- "%1" %*</div>

<div>cmdfile [open] -- "%1" %*</div>

<div>comfile [open] -- "%1" %*</div>

<div>cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*</div>

<div>exefile [open] -- "%1" %*</div>

<div>helpfile [open] -- Reg Error: Key error.</div>

<div>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</div>

<div>https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)</div>

<div>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</div>

<div>piffile [open] -- "%1" %*</div>

<div>regfile [merge] -- Reg Error: Key error.</div>

<div>scrfile [config] -- "%1"</div>

<div>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</div>

<div>scrfile [open] -- "%1" /S</div>

<div>txtfile [edit] -- Reg Error: Key error.</div>

<div>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</div>

<div>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</div>

<div>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div>

<div>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)</div>

<div>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)</div>

<div>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</div>

<div> </div>

<div>========== Security Center Settings ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</div>

<div>"cval" = 1</div>

<div>"FirewallDisableNotify" = 0</div>

<div>"AntiVirusDisableNotify" = 0</div>

<div>"UpdatesDisableNotify" = 0</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</div>

<div>"DisableMonitoring" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]</div>

<div>"DisableMonitoring" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]</div>

<div>"DisableMonitoring" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</div>

<div>"AntiVirusOverride" = 0</div>

<div>"AntiSpywareOverride" = 0</div>

<div>"FirewallOverride" = 0</div>

<div>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</div>

<div>"VistaSp2" = Reg Error: Unknown registry data type -- File not found</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</div>

<div> </div>

<div>========== System Restore Settings ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]</div>

<div>"DisableSR" = 0</div>

<div> </div>

<div>========== Firewall Settings ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</div>

<div>"DisableNotifications" = 0</div>

<div>"EnableFirewall" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</div>

<div>"DisableNotifications" = 0</div>

<div>"EnableFirewall" = 1</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</div>

<div>"DisableNotifications" = 0</div>

<div>"EnableFirewall" = 1</div>

<div> </div>

<div>========== Authorized Applications List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]</div>

<div>"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)</div>

<div> </div>

<div> </div>

<div>========== Vista Active Open Ports Exception List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div>

<div>"{15324083-6A8D-40AA-A170-D1C51C2F99A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | </div>

<div>"{1665B2CE-F725-4A9A-BB08-BAD7298ABDD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | </div>

<div>"{1C649D2A-B9D3-48A3-B77F-5B2D2E8399C4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{1DC7273F-77A5-427B-8B44-974AA0E72167}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{294BFD04-007D-4E1D-8459-55D29A2E0886}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | </div>

<div>"{37D4D29E-7238-424A-AF57-60ECC8CD5700}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | </div>

<div>"{421610C4-FF88-43D7-84DE-40D6C7507C57}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | </div>

<div>"{4E4C6878-A86A-4243-9EA6-842A313F9387}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | </div>

<div>"{5731370C-C4F6-4E88-86FA-339350A7AB8B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{57B6FA0B-AC58-486D-829D-B826E5902819}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | </div>

<div>"{59ACF184-AE8F-4720-BEC8-AF858EE46F0A}" = rport=10243 | protocol=6 | dir=out | app=system | </div>

<div>"{614833D3-A691-48BC-B28A-5836BA1A6DEC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{64D373B6-7272-455D-9A95-8794BC1184DB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{653A3F9D-8B60-496D-BC7E-87C99141ABE0}" = rport=137 | protocol=17 | dir=out | app=system | </div>

<div>"{677C88F1-5F2E-47DC-8EFD-6F998747D9E7}" = lport=2869 | protocol=6 | dir=in | app=system | </div>

<div>"{682E47C6-0047-4EDB-BB37-6CCC89E14396}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | </div>

<div>"{6FA041AA-8976-4280-BFCE-EA43481CD175}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{70FF5234-F68A-4F68-BA9D-871BB623334E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | </div>

<div>"{92295B6D-67A3-41B6-A7A4-FA13A97DCCE2}" = rport=139 | protocol=6 | dir=out | app=system | </div>

<div>"{927640BE-12C1-491A-9495-529FEC21A2F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | </div>

<div>"{99B1B7AB-F65F-4BD3-9266-3D3B6C137193}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{99D3B69E-E45A-41D3-9E97-A8EFC0C5B362}" = lport=137 | protocol=17 | dir=in | app=system | </div>

<div>"{C2220C4C-B812-45C2-8395-2EC7AA653BD3}" = rport=445 | protocol=6 | dir=out | app=system | </div>

<div>"{C98CA02C-5ADC-4ED4-B973-CEF566D88534}" = lport=2869 | protocol=6 | dir=in | app=system | </div>

<div>"{CD707855-2793-4129-AD7A-5868AAEE7601}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | </div>

<div>"{CDB71964-7C38-46AF-B8AE-612FC0245773}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | </div>

<div>"{D0E23FC4-B09C-405A-9C83-F7A10E547DED}" = lport=10243 | protocol=6 | dir=in | app=system | </div>

<div>"{E39F8C5C-ECB1-4107-8511-4A8C69586BF3}" = rport=138 | protocol=17 | dir=out | app=system | </div>

<div>"{E4934419-A209-49C7-B17B-7A4094F29327}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | </div>

<div>"{E86B7C3F-9642-4176-A34B-CF489C3FDD61}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{E8EAFA46-244E-4548-BF80-C98DFF702AFD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{EDD8258F-E4CD-4C50-87D1-5E6E4BD46599}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | </div>

<div>"{EE37ED20-9290-460E-8D62-CE6C67583926}" = lport=138 | protocol=17 | dir=in | app=system | </div>

<div>"{F52C2D96-2117-49BF-8300-7BA05B2D6277}" = lport=139 | protocol=6 | dir=in | app=system | </div>

<div>"{FD007698-066F-4D40-8741-B54DCEEDD101}" = lport=445 | protocol=6 | dir=in | app=system | </div>

<div> </div>

<div>========== Vista Active Application Exception List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</div>

<div>"{03731097-343C-47AC-A3A0-F0D82306ADD2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | </div>

<div>"{0BD41E40-3EAC-40F3-AF6F-A5359492F1FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | </div>

<div>"{0FD248AB-5447-4836-A887-327163AB38A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{14280371-295E-456B-AA89-CCB57472B21B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | </div>

<div>"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{1B53F00B-8622-4025-96B1-DBF3EDE6EB49}" = dir=in | app=c:\program files\itunes\itunes.exe | </div>

<div>"{1F4BDB64-0CAE-4F01-B67B-BEFF15818266}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | </div>

<div>"{26C32D05-025C-4825-B066-A23E69A14732}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | </div>

<div>"{2742D032-BB4D-4AA2-AA8A-1E18BF627E3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | </div>

<div>"{2837705E-DF60-4BA3-9D08-EF3DF3ED6804}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | </div>

<div>"{2AE4F255-7B8E-4E78-8D5B-4FD3E2BC09B4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | </div>

<div>"{2F635961-175D-4664-B4FD-26A3D12F4096}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{33BABFC9-5507-4E34-A95F-4677EB85149B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{36E6D350-36D4-41B5-A1F9-F763CC35524C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | </div>

<div>"{385DD4CE-5439-4F80-8D77-B96D43C49A5E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | </div>

<div>"{38F32347-BC2C-4859-9FAF-D092F928E5A4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | </div>

<div>"{3A7DFA20-BE83-4375-A7E2-FF5B6903EDEF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | </div>

<div>"{3A883119-F5DF-47B5-9B48-D9023F4E2342}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | </div>

<div>"{3B596FAF-9439-41D1-AA27-FF8BBA53B094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{3E15DA53-3F53-4CF6-B03E-47E78E6194DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | </div>

<div>"{3EC86714-8387-408B-96E6-981610836165}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </div>

<div>"{40D0AEAB-E8B0-4784-B746-671AC26608B8}" = protocol=6 | dir=out | app=system | </div>

<div>"{415F2671-5EB3-43F3-81EE-D636E867EAAB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | </div>

<div>"{44C617B7-100A-495D-A0C8-6C13E63FE2C2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | </div>

<div>"{45353C69-11B0-49DF-A153-FAEF489D2F33}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{4D687264-152E-4AD5-9770-E3D3B6B1EBD8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | </div>

<div>"{53547B6F-22D9-4D2D-B99E-07684DF703F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{5ACF5194-6445-464C-9067-7F3173147D22}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | </div>

<div>"{5E3E6AFF-9B32-41E9-B141-3E29A3EB24DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | </div>

<div>"{5F0BFC34-7545-4084-ABBE-7BC357D5B9CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | </div>

<div>"{5FD5EAFB-EDA0-4B27-823E-2703CD285C2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | </div>

<div>"{614AC1C2-7FCE-41D0-9909-847247B35E5B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | </div>

<div>"{62B3D990-B52C-41B7-AEC7-80919F961367}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | </div>

<div>"{638B5F82-B4CB-43F6-8B61-7FD39AD58398}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | </div>

<div>"{6515C426-19F4-4040-827F-B6C776FD7C92}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | </div>

<div>"{663B9CA8-D72D-432C-8872-434D4D388595}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | </div>

<div>"{669FB0DE-8D08-482F-BEF1-6D7C8BA3B2E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | </div>

<div>"{66F657D3-DD4A-425A-9A4A-9AC3B71CDFE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | </div>

<div>"{6E889A80-95A7-43BD-B7F5-BE613025127A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | </div>

<div>"{6F50D2C4-8E6C-46EE-88E2-254E72827181}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </div>

<div>"{7538F485-10D9-415A-82B4-55A5A62F0F44}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | </div>

<div>"{7AEA36CF-F059-46A4-B2EF-5EE61D9F5218}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | </div>

<div>"{8157E75A-336D-42A6-88B5-D3B7FD764C3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | </div>

<div>"{8D7CCF91-ED68-4A04-8BEA-6D9EF654456C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | </div>

<div>"{8ECE70B1-6B9F-442A-8A8D-04FF22EF528B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | </div>

<div>"{8F14801E-EA67-4C3E-B1A9-3C7FA5837978}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | </div>

<div>"{91CCA1FE-A875-44B7-8B1D-3F27A38CE998}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{975C963E-C95F-4C88-AC07-C144EEBDB7F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | </div>

<div>"{9871EEAD-2049-40D3-86C5-E088A4D430A4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | </div>

<div>"{A637B19F-5D35-40EC-AEC0-A306A2BB2D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | </div>

<div>"{A7EB421D-4FDC-4D3B-AFF0-54F1E443BA00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | </div>

<div>"{AFFAFE24-7FB1-4323-B62E-700BFED24A72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | </div>

<div>"{B2EA3758-6C9B-4B68-B19B-6C8323145E7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | </div>

<div>"{B72966D9-0EC8-4AAF-9AF9-61A3884784AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | </div>

<div>"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{BCB9EF1A-5F4B-48F4-8BC3-BD4A8C4FCBFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | </div>

<div>"{C2CEB851-4E85-4683-8A33-2B51CEB307B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | </div>

<div>"{C55D1651-BE0D-401A-A6BB-8F94723D9299}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | </div>

<div>"{C9B2AE0C-B22E-4A10-8EBF-2053BD2D3C3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | </div>

<div>"{CFDA7EFF-B094-4C7F-B088-3C259547BD86}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | </div>

<div>"{D8AB9BEC-D878-43DD-B575-3A808BD46216}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div>

<div>"{DB27F18E-91CA-44FE-9693-9B41AC32ECD0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | </div>

<div>"{DFCB01A8-408C-44D3-B782-488575892556}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | </div>

<div>"{E403538A-6713-4809-BD2F-C8215CF6FA71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | </div>

<div>"{E6DFB6CB-1771-483B-89E5-C25916AA5372}" = dir=in | app=e:\setup\hpznui01.exe | </div>

<div>"{ED3FF496-8200-4F45-AA5D-D540C07A554A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | </div>

<div>"{ED71A28E-2237-4FBB-A7DD-3B5637071CB4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | </div>

<div>"{F1FB8C17-2D31-4AF9-90B9-5E4944F26780}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | </div>

<div>"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </div>

<div>"{FDADB769-6E78-4670-9578-02822A6B334B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </div>

<div>"{FDF77B0E-1120-41B6-8DE4-351CD68184CB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | </div>

<div>"TCP Query User{248BFC3E-E4B7-43D0-AD17-A1A0B0D31E60}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | </div>

<div>"TCP Query User{9B7BC222-97BA-4B3C-BC45-A7FA9B3D7FFC}C:\users\dot b\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\dot b\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | </div>

<div>"UDP Query User{2D1F058B-EA14-49BD-BB66-A6C226F65F5A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | </div>

<div>"UDP Query User{556F6F1B-70F9-4FB4-A865-63A792FF6263}C:\users\dot b\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\dot b\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | </div>

<div> </div>

<div>========== HKEY_LOCAL_MACHINE Uninstall List ==========</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div>

<div>"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional</div>

<div>"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer</div>

<div>"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam</div>

<div>"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime</div>

<div>"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1</div>

<div>"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer</div>

<div>"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer</div>

<div>"{0BB53CBD-B1FC-469F-9564-2C447AC3D2A8}" = BLS-2009</div>

<div>"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan</div>

<div>"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1</div>

<div>"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works</div>

<div>"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1</div>

<div>"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources</div>

<div>"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch</div>

<div>"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client</div>

<div>"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker</div>

<div>"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player</div>

<div>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div>

<div>"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update</div>

<div>"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite</div>

<div>"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions</div>

<div>"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget</div>

<div>"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery</div>

<div>"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service</div>

<div>"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant</div>

<div>"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1</div>

<div>"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library</div>

<div>"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes</div>

<div>"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21</div>

<div>"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program</div>

<div>"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1</div>

<div>"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections</div>

<div>"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety</div>

<div>"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm</div>

<div>"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update</div>

<div>"{2F40F38E-0AB7-4C67-A672-03505A7F44BF}" = BIAS SoundSaver for INport</div>

<div>"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support</div>

<div>"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery</div>

<div>"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE</div>

<div>"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1</div>

<div>"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery</div>

<div>"{353EA1D4-37AA-4444-AFEC-45BC462D7449}" = BLS-2012</div>

<div>"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)</div>

<div>"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour</div>

<div>"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32</div>

<div>"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min</div>

<div>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile</div>

<div>"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg</div>

<div>"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax</div>

<div>"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support</div>

<div>"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6</div>

<div>"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources</div>

<div>"{466FC45F-57D6-4EF2-9F72-EB7235F2CAC9}" = BLS-2013</div>

<div>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater</div>

<div>"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter</div>

<div>"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout</div>

<div>"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform</div>

<div>"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion</div>

<div>"{50af29f4-84e0-4d44-950d-875749c7d95b}.sdb" = Print Perfect Deluxe</div>

<div>"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01</div>

<div>"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz</div>

<div>"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library</div>

<div>"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI</div>

<div>"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant</div>

<div>"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2</div>

<div>"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites</div>

<div>"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library</div>

<div>"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE</div>

<div>"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista</div>

<div>"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting</div>

<div>"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help</div>

<div>"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack</div>

<div>"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox</div>

<div>"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti</div>

<div>"{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant</div>

<div>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</div>

<div>"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</div>

<div>"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013</div>

<div>"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime</div>

<div>"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update</div>

<div>"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core</div>

<div>"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour</div>

<div>"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic</div>

<div>"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4</div>

<div>"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z</div>

<div>"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer</div>

<div>"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger</div>

<div>"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks</div>

<div>"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088</div>

<div>"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync</div>

<div>"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.051</div>

<div>"{88CA774F-569E-11D6-A7DD-B142DCF5151F}" = Print Perfect DVD</div>

<div>"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1</div>

<div>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</div>

<div>"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime</div>

<div>"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT</div>

<div>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007</div>

<div>"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007</div>

<div>"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007</div>

<div>"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007</div>

<div>"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007</div>

<div>"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007</div>

<div>"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007</div>

<div>"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system</div>

<div>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007</div>

<div>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007</div>

<div>"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007</div>

<div>"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007</div>

<div>"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In</div>

<div>"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007</div>

<div>"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007</div>

<div>"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer</div>

<div>"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr</div>

<div>"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker</div>

<div>"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)</div>

<div>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting</div>

<div>"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector</div>

<div>"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)</div>

<div>"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend</div>

<div>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17</div>

<div>"{9AC32174-55C0-4B9D-B728-90278C5825A1}" = BLS-2011 Clipart</div>

<div>"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc</div>

<div>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div>

<div>"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail</div>

<div>"{9E83F937-E372-4AAD-B3EB-55A3DDAFFFB6}" = Print Perfect Gold</div>

<div>"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel</div>

<div>"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh</div>

<div>"{A6692334-2483-4A07-8F84-38F95BB9EB47}" = BLS-2011</div>

<div>"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer</div>

<div>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper</div>

<div>"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common</div>

<div>"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer</div>

<div>"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime</div>

<div>"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer</div>

<div>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)</div>

<div>"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1</div>

<div>"{ACA86100-5677-11D4-ADCE-0050BABCD810}" = SyNET USB NETWORK CABLE</div>

<div>"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR</div>

<div>"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin</div>

<div>"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status</div>

<div>"{AF06F78B-ACF7-40E3-9D1A-BC5A0529298B}" = Print Perfect Deluxe</div>

<div>"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime</div>

<div>"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter</div>

<div>"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor</div>

<div>"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network</div>

<div>"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0</div>

<div>"{B3A1BF34-A336-450D-BC3E-3A854AD270A0}" = AVG 2013</div>

<div>"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy</div>

<div>"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc</div>

<div>"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call</div>

<div>"{BAB5833D-3C28-42CA-B160-A0F5B3BDD17C}" = American Greetings CreataCard</div>

<div>"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5</div>

<div>"{BBF80896-049C-497E-BB94-E57F0F9054F0}" = BLS-2010</div>

<div>"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements</div>

<div>"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations</div>

<div>"{C20A3DF1-617A-4523-AAC5-6A6744BCE281}" = Total PC Health Total PC Health</div>

<div>"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant</div>

<div>"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566</div>

<div>"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint</div>

<div>"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail</div>

<div>"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant</div>

<div>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1</div>

<div>"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform</div>

<div>"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common</div>

<div>"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform</div>

<div>"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp</div>

<div>"{DC3381CB-10D4-431D-B9B3-7DB84B00645F}" = FreePriceAlerts 2.3.5</div>

<div>"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1</div>

<div>"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources</div>

<div>"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh</div>

<div>"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01</div>

<div>"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10</div>

<div>"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support</div>

<div>"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader</div>

<div>"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger</div>

<div>"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer</div>

<div>"{ECA9A619-9C0B-47F8-BD98-78C14B96117C}" = Christian Greeting Card Factory</div>

<div>"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)</div>

<div>"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10</div>

<div>"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]</div>

<div>"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219</div>

<div>"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5</div>

<div>"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety</div>

<div>"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)</div>

<div>"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo</div>

<div>"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista</div>

<div>"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform</div>

<div>"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials</div>

<div>"{FFB38F3F-2CAD-44D2-98AE-247EADE6EB21}" = American Greetings Crafts!</div>

<div>"5354-7805-5584-7014" = PrintMaster 2011 Platinum</div>

<div>"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites</div>

<div>"Adobe AIR" = Adobe AIR</div>

<div>"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX</div>

<div>"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin</div>

<div>"Adobe Shockwave Player" = Adobe Shockwave Player 11.5</div>

<div>"American Greetings CreataCard 5.0" = American Greetings® CreataCard® Silver 5</div>

<div>"Audacity_is1" = Audacity 1.2.6</div>

<div>"AVG" = AVG 2013</div>

<div>"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1</div>

<div>"Bejeweled 3" = Bejeweled 3 (remove only)</div>

<div>"Big Money Deluxe 1.3" = Big Money Deluxe 1.3</div>

<div>"CCleaner" = CCleaner</div>

<div>"Cisco Connect" = Cisco Connect</div>

<div>"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP</div>

<div>"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1</div>

<div>"Download_Manager_and_Options" = Download Manager and Options</div>

<div>"Free Download Manager_is1" = Free Download Manager 3.9.2</div>

<div>"Google Chrome" = Google Chrome</div>

<div>"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)</div>

<div>"HOMESTUDENTR" = Microsoft Office Home and Student 2007</div>

<div>"HP Document Manager" = HP Document Manager 2.0</div>

<div>"HP Imaging Device Functions" = HP Imaging Device Functions 13.0</div>

<div>"HP Photosmart Essential" = HP Photosmart Essential 2.5</div>

<div>"HP Smart Web Printing" = HP Smart Web Printing 4.5</div>

<div>"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0</div>

<div>"HPExtendedCapabilities" = HP Customer Participation Program 13.0</div>

<div>"HPOCR" = OCR Software by I.R.I.S. 13.0</div>

<div>"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer</div>

<div>"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam</div>

<div>"InternetHelper3 Chrome Toolbar" = InternetHelper3 Chrome Toolbar</div>

<div>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400</div>

<div>"McAfee Security Scan" = McAfee Security Scan Plus</div>

<div>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1</div>

<div>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile</div>

<div>"Monopoly Casino Vegas Edition" = MONOPOLY CASINO Vegas Edition</div>

<div>"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)</div>

<div>"MozillaMaintenanceService" = Mozilla Maintenance Service</div>

<div>"MSNINST" = MSN</div>

<div>"Network MagicUninstall" = Network Magic</div>

<div>"NSS" = Norton Security Scan</div>

<div>"NVIDIA Drivers" = NVIDIA Drivers</div>

<div>"PrintMaster Gold 4.00" = PrintMaster Gold 4.00</div>

<div>"QuotationCafe_45 Chrome Extension Uninstall" = QuotationCafe Toolbar Chrome Extension</div>

<div>"Radio_Masha_2.1 Toolbar" = Radio Masha 2.1 Toolbar</div>

<div>"RealPlayer 16.0" = RealPlayer</div>

<div>"SearchProtect" = Search Protect by conduit</div>

<div>"Shockwave" = Shockwave</div>

<div>"sl-cb" = SelectionLinks</div>

<div>"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4</div>

<div>"Solid Savings" = Solid Savings</div>

<div>"STANDARDR" = Microsoft Office Standard 2007</div>

<div>"Supreme Savings" = Supreme Savings</div>

<div>"SynTPDeinstKey" = Synaptics Pointing Device Driver</div>

<div>"Wajam" = Wajam</div>

<div>"WebPost" = Microsoft Web Publishing Wizard 1.52</div>

<div>"WildTangent hp Master Uninstall" = My HP Games</div>

<div>"WinLiveSuite" = Windows Live Essentials</div>

<div> </div>

<div>========== HKEY_USERS Uninstall List ==========</div>

<div> </div>

<div>[HKEY_USERS\S-1-5-21-2831361319-4107640473-1937185786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</div>

<div>"A+LS Client Application" = A+LS Client Application</div>

<div>"InstallShield_{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant</div>

<div>"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player</div>

<div> </div>

<div>========== Last 20 Event Log Errors ==========</div>

<div> </div>

<div>Error: Unable to start EventLog service!</div>

<div> </div>

<div>< End of report ></div>

<div> </div>

Share this post


Link to post
Share on other sites

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D346F792
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:46A173D9
    PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Dot B\AppData\Roaming\SearchProtect\bin\cltmng.exe
    PRC - [2013/04/11 07:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...8A000015}
    IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...rchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {4D7741C1-34E0-41AF-8CBB-1CEF6471B50B}
    IE - HKLM\..\URLSearchHook: {e37a45b1-e436-4eb4-b26e-d8dfc5a03902} - C:\Program Files\Radio_Masha_2.1\prxtbRadi.dll (Conduit Ltd.)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...8A000015}
    IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...rchTerms}
    IE - HKU\S-1-5-21-2831361319-4107640473-1937185786-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...8A000015}
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN42361493752100910&UM=2&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN42361493752100910&UM=2&UP=SP334D60CC-BF8C-4C77-A304-FE7D35C941A7"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN42361493752100910&UM=2&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "iYogi"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Crawler Search"
    FF - prefs.js..browser.startup.homepage: "http://search.iyogi.com/"

    :Files
    C:\Users\Dot B\AppData\Roaming\SearchProtect
    C:\Program Files\SearchProtect
    C:\Program Files\Updater By SweetPacks

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Share this post


Link to post
Share on other sites

System still took forever to boot, thought it was not going to boot this time. But system finally gave me a screen I am getting to know. But i have a pop-up called Microsoft Windows - Looking in the taskmanager it is also called Microsoft Windows

Right clicking on the highlighted taskbar icon I have two choices Restore or Close all other commands (Move, Size, Minimize, Maximize) are grayed out. I keep closing the active highlighted Icon, but after 10 - 15 seconds it returns. I see Yontoo Desktop is running in Processes...

Still have no Internet - Wired - can not update malwarbytes, or connect with Chrome.

Report as requested --------------------------

All processes killed

========== OTL ==========

ADS C:\ProgramData\TEMP:D346F792 deleted successfully.

ADS C:\ProgramData\TEMP:373E1720 deleted successfully.

ADS C:\ProgramData\TEMP:46A173D9 deleted successfully.

No active process named cltmng.exe was found!

Process CltMngSvc.exe killed successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e37a45b1-e436-4eb4-b26e-d8dfc5a03902} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e37a45b1-e436-4eb4-b26e-d8dfc5a03902}\ deleted successfully.

File C:\Program

Files\Radio_Masha_2.1\prxtbRadi.dll not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key -

HKEY_USERS\S-1-5-21-2831361319-4107640473-1937185786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-

1987-4100-a3c6-5b4267084510}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-

1987-4100-a3c6-5b4267084510}\ not found.

Registry key -

HKEY_USERS\S-1-5-21-2831361319-4107640473-1937185786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-

6118-11DC-9C72-001320C79847}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-

6118-11DC-9C72-001320C79847}\ not found.

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=

UN42361493752100910&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "http://search.conduit.com/?ctid=CT3298566&octid=CT3298566&

SearchSource=61&CUI=UN42361493752100910&UM=2&UP=SP334D60CC-BF8C-4C77

-A304-FE7D35C941A7" removed from browser.startup.homepage

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=

2&CUI=UN42361493752100910&UM=2&q=" removed from keyword.URL

Prefs.js: "iYogi" removed from sweetim.toolbar.previous.browser.search.defaultenginename

Prefs.js: "Crawler Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine

Prefs.js: "http://search.iyogi.com/" removed from browser.startup.homepage

========== FILES ==========

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect\bin folder moved successfully.

C:\Users\Dot B\AppData\Roaming\SearchProtect folder moved successfully.

C:\Program Files\SearchProtect\ffprotect folder moved successfully.

C:\Program Files\SearchProtect\Dialogs\spsd\images folder moved successfully.

C:\Program Files\SearchProtect\Dialogs\spsd folder moved successfully.

C:\Program Files\SearchProtect\Dialogs\spbd\images folder moved successfully.

C:\Program Files\SearchProtect\Dialogs\spbd folder moved successfully.

C:\Program Files\SearchProtect\Dialogs\lib folder moved successfully.

C:\Program Files\SearchProtect\Dialogs folder moved successfully.

C:\Program Files\SearchProtect\bin folder moved successfully.

C:\Program Files\SearchProtect folder moved successfully.

C:\Program Files\Updater By SweetPacks\resources folder moved successfully.

C:\Program Files\Updater By SweetPacks\libraries folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\defaults folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\chrome\content folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox\chrome folder moved successfully.

C:\Program Files\Updater By SweetPacks\Firefox folder moved successfully.

C:\Program Files\Updater By SweetPacks folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Dot B

->Temp folder emptied: 94078091 bytes

->Temporary Internet Files folder emptied: 209899957 bytes

->Java cache emptied: 59531768 bytes

->FireFox cache emptied: 54704370 bytes

->Google Chrome cache emptied: 400166277 bytes

->Flash cache emptied: 1066783 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 89772 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 782.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dot B

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Dot B

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_203704

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\WebEx\Log\62\atashost.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Let's try this:

Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file.

To do this, follow these steps:

  1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  2. At the command prompt, type the following command, and then press ENTER:
    sfc /scannow	


  3. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Share this post


Link to post
Share on other sites

Back home, will do this later tonight, sleep is calling my name...

JR

Share this post


Link to post
Share on other sites

Sleep is important!

Share this post


Link to post
Share on other sites

Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log The system file repair changes will take effect after the next reboot.

I typed exit, and now rebooting: Logo comes up quickly for the first time, welcome screen still takes a while, and then black screen with arrow cursor appears and it takes forever to book. I still have a task bar "Microsoft Windows" icon and a dialog box.

Dialog box: "Windows Security Center" Firewall Off, Malware protection off.

Microsoft Windows: Host Process for Windows Services stopped working and was closed. A problem caussed the application to stop working correctly. Windows will notify you if a solution is available.

Still no internet service: I.E. crashes, Firefox opens to conduit search address, and Google Chrome has error 137 (net::ERR_NAME_RESOLUTION_FAILED) Unknown error

Windows Task Manger: no application running, Processes: 2 Rundill32.exe are listed one with no user, & one for Dot B, YontooDesktop.exe, Winlog.exe with no user name, Csrss.exe with no user name

I also can not find the CBS.Log to provide...

JR

Share this post


Link to post
Share on other sites

We're making progress.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    [*]Check esetAcceptTerms.png

    [*]Click the esetStart.png button.

    [*]Accept any security warnings from your browser.

    [*]Check esetScanArchives.png

    [*]Push the Start button.

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, push esetListThreats.png

    [*]Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    [*]Push the esetBack.png button.

    [*]Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Share this post


Link to post
Share on other sites

D-FRED-BROWN,

I can download the download the ESET Smart Installer with another computer, move the link, but do not believe I can get on-line. That is my current problem, no internet abilities!!!

JR

Share this post


Link to post
Share on other sites

Yeah sorry, I should have been more specific- See if you can copy the SmartInstaller over from another computer. If you have no success in running the tool with the SmartInstaller, please proceed with the following:

-----------

Let's figure out what's going on with your net connection:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

Share this post


Link to post
Share on other sites

Waiting for black screen to become a working Vista...

Txt file.....

Farbar Service Scanner Version: 31-05-2013 01

Ran by Dot B (administrator) on 07-06-2013 at 20:56:13

Running from "C:\Users\Dot B\Desktop"

Windows Vista Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

LAN connected.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:

============================

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-14 11:08] - [2013-01-04 04:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

JR

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.