Is this PC infected?

Author	All Replies
Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3 Reviews: ·Verizon FiOS ·Vonage	Is this PC infected? Hi, A coworker asked me to checkout her PC, so I said yes. I'm a bit puzzled by this one, but here are the facts: My coworker came to me and said that she clicked on an email from her friend. It was from her friend, but it was a spam message and my coworker didn't realize it. She clicked on the link within the email, and immediately something came on the screen telling her she's infected, buy this software to get rid of it, and she can't "open anything". I tell her, "yeah, just give me the PC, I'll fix it for you" because I've done a bunch of these for people; sometimes they're so bad, I just wipe and reload, but it's fixed and they're happy. At any rate... I turned this machine on, and it booted right to the desktop with no problems. No popups, no obvious suspicious activity or applications. In short, I don't see a problem. At any rate, I peeked around a bit, still couldn't find anything, so I decided to do right by her and do a "tune up" of sorts. This is a ~3 year old nice HP desktop in excellent working order. At the same time, I wanted to check with you guys/gals here to make sure there isn't something I'm missing. My coworker is a very novice PC user, so I'm confident she saw what she saw. With that said, I can't find anything. So here we go: The only curious thing I did find was that Norton Internet Security is installed, and as of 7/11 (2 days after giving me the machine) it has 365 days of protection left. I guess it's possible that she installed this and didn't tell me, and NIS removed the issue(s), but I could find nothing of value in the NIS quarantine logs. I ran TFC as requested, and the machine rebooted. Following the rest of the mandatory steps, here goes: MBAM LOG Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 kim :: KIM-PC [administrator] 7/11/2012 10:18:01 PM mbam-log-2012-07-11 (22-18-01).txt Scan type: Full scan (C:\\|D:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 378467 Time elapsed: 1 hour(s), 29 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL.TXT OTL logfile created on: 7/11/2012 9:47:31 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.99 Gb Total Physical Memory \| 1.80 Gb Available Physical Memory \| 45.12% Memory free 7.98 Gb Paging File \| 6.00 Gb Available in Paging File \| 75.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 453.72 Gb Total Space \| 398.72 Gb Free Space \| 87.88% Space Free \| Partition Type: NTFS Drive D: \| 11.95 Gb Total Space \| 2.17 Gb Free Space \| 18.19% Space Free \| Partition Type: NTFS Computer Name: KIM-PC \| User Name: kim \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe PRC - [2012/02/24 09:09:05 \| 000,307,824 \| ---- \| M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011/12/10 14:46:28 \| 000,247,968 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe PRC - [2011/04/16 20:45:11 \| 000,130,008 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe PRC - [2011/03/28 18:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/08/09 15:25:36 \| 000,885,216 \| ---- \| M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe PRC - [2010/07/12 12:53:00 \| 000,399,032 \| ---- \| M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010/03/03 20:16:06 \| 000,013,336 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/03 20:16:04 \| 000,284,696 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/12/01 20:49:52 \| 000,210,216 \| ---- \| M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009/10/20 14:50:34 \| 000,128,296 \| ---- \| M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009/06/03 15:35:16 \| 000,430,080 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2009/05/26 04:36:13 \| 000,656,896 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009/03/17 04:26:16 \| 000,759,728 \| ---- \| M] (Skinkers Communications) -- C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe PRC - [2008/11/20 13:47:28 \| 000,062,768 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/06/15 07:47:54 \| 012,436,480 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 08:25:17 \| 014,340,608 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/14 08:25:01 \| 001,591,808 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/14 08:24:57 \| 012,237,824 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/12 09:54:36 \| 001,051,136 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/12 09:54:35 \| 000,452,608 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll MOD - [2012/05/12 09:49:50 \| 000,368,128 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/05/12 09:49:37 \| 000,771,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/12 09:49:36 \| 006,611,456 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/12 09:49:11 \| 000,185,344 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll MOD - [2012/05/12 09:49:03 \| 003,347,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/12 09:48:59 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/12 09:48:56 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/12 09:48:55 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/12 09:48:50 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/02/07 09:00:21 \| 000,036,920 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011/06/24 22:56:36 \| 000,087,328 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 \| 001,241,888 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/04 21:58:05 \| 002,927,616 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/08/09 15:25:36 \| 000,885,216 \| ---- \| M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe MOD - [2010/08/09 15:25:36 \| 000,177,616 \| ---- \| M] () -- C:\Program Files (x86)\SelectRebates\SRebates.dll MOD - [2010/06/30 00:12:54 \| 000,061,440 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/06/30 00:12:52 \| 000,131,072 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/06/30 00:12:42 \| 000,040,960 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2010/06/30 00:12:40 \| 000,036,864 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2010/06/30 00:12:40 \| 000,007,680 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2010/06/30 00:12:40 \| 000,005,632 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2010/06/30 00:12:36 \| 000,018,944 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2010/06/30 00:12:18 \| 000,028,672 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009/12/01 20:49:50 \| 000,931,112 \| ---- \| M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009/07/13 21:15:45 \| 000,364,544 \| ---- \| M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009/06/03 15:43:14 \| 001,703,936 \| ---- \| M] () -- C:\Users\kim\AppData\Roaming\PictureMover\EN-US\Presentation.dll MOD - [2009/06/03 15:34:18 \| 003,764,224 \| ---- \| M] () -- C:\Users\kim\AppData\Roaming\PictureMover\Bin\Core.dll MOD - [2009/05/26 04:36:13 \| 000,656,896 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2009/07/13 21:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/02/15 14:30:18 \| 000,158,856 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/09/09 18:10:28 \| 000,086,072 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/04/16 20:45:11 \| 000,130,008 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011/03/28 18:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/07/12 12:53:00 \| 000,399,032 \| ---- \| M] (Cisco Systems, Inc.) [Auto \| Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010/03/18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/03 20:16:06 \| 000,013,336 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/06/10 17:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/22 14:02:20 \| 000,250,616 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012/03/01 02:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/10 13:58:01 \| 000,174,200 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/07/06 12:44:00 \| 000,034,288 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011/04/20 21:37:49 \| 000,386,168 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS) DRV:64bit: - [2011/03/30 23:00:09 \| 000,744,568 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/30 23:00:09 \| 000,040,568 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/14 22:31:23 \| 000,912,504 \| R--- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/03/11 02:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/18 16:36:58 \| 000,051,712 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/01/27 02:47:10 \| 000,450,680 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 01:07:06 \| 000,171,128 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/11/20 09:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/12 12:53:00 \| 000,027,640 \| ---- \| M] (Cisco Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2010/03/03 19:51:40 \| 000,540,696 \| ---- \| M] (Intel Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/08/20 20:05:06 \| 000,239,616 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 21:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/16 07:32:14 \| 006,112,672 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 16:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012/06/18 20:01:13 \| 001,161,376 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/06/14 14:39:24 \| 000,509,088 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120711.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/05/31 08:06:57 \| 000,484,512 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/05/31 08:06:57 \| 000,138,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/05/15 22:10:35 \| 002,068,600 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\ex64.sys -- (NAVEX15) DRV - [2012/05/15 22:10:35 \| 000,120,440 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\eng64.sys -- (NAVENG) DRV - [2009/07/13 21:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd IE - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/search/dispatc···language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {E715678E-6F58-4CEF-AB9F-F1F4D371F022} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···7ADRA_en IE - HKCU\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.com/web?q={SEARCHTERMS}&···US&ver=5 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.inbox.com/search/dispatc···0&lng=en IE - HKCU\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local [color=#E56717]========== FireFox ==========[/color] FF:64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/05/04 11:50:39 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012/07/11 21:10:17 \| 000,000,000 \| ---D \| M] [color=#E56717]========== Chrome ==========[/color] CHR - homepage: »www.google.com/ O1 HOSTS File: ([2009/06/10 17:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppData\Local\Temp\low\COUPON~1.DLL File not found O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [American Airlines DealFinder] C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe (Skinkers Communications) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe () O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} »access.ise.com/CACHE/stc/2/binar···nweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} »access.ise.com/CACHE/sdesktop/in···tweb.cab (CSD ActiveX Installer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAA253F-3C4D-4C3F-BE1D-9136017FB020}: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1 O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell - "" = AutoRun O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/11 21:54:15 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2012/07/11 21:54:08 \| 000,000,000 \| -H-D \| C] -- C:\Windows\AxInstSV [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| C] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe [2012/07/11 21:22:08 \| 000,000,000 \| ---D \| C] -- C:\Users\kim\AppData\Roaming\Malwarebytes [2012/07/11 21:22:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/11 21:22:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2012/07/11 21:22:02 \| 000,024,904 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/11 21:22:02 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/11 21:15:53 \| 001,133,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 21:15:53 \| 000,805,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/02 09:34:24 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/06/21 07:42:05 \| 002,622,464 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/21 07:42:05 \| 000,057,880 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/21 07:42:05 \| 000,044,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/21 07:41:54 \| 000,701,976 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/06/21 07:41:54 \| 000,099,840 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/06/21 07:41:54 \| 000,038,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/06/21 07:41:43 \| 000,186,752 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/21 07:41:43 \| 000,036,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/14 07:49:58 \| 005,559,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/14 07:49:57 \| 003,968,368 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/14 07:49:57 \| 003,913,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/14 07:49:49 \| 000,149,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/14 07:49:49 \| 000,077,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/14 07:49:49 \| 000,009,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/06/14 07:49:35 \| 003,216,384 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/06/14 07:48:08 \| 001,462,272 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/06/14 07:48:08 \| 000,140,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/06/13 08:09:01 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/13 08:09:01 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/13 08:09:01 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/13 08:09:01 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/13 08:09:00 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/13 08:09:00 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/06/13 08:09:00 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/13 08:09:00 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/13 08:08:58 \| 002,311,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/13 08:08:58 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/13 08:08:58 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/13 08:08:58 \| 000,716,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/13 08:08:57 \| 000,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/11 21:54:40 \| 002,095,484 \| ---- \| M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB [2012/07/11 21:53:09 \| 000,000,898 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe [2012/07/11 21:44:59 \| 000,001,180 \| ---- \| M] () -- C:\Users\kim\Desktop\My Pictures - Shortcut.lnk [2012/07/11 21:44:55 \| 000,001,153 \| ---- \| M] () -- C:\Users\kim\Desktop\My Music - Shortcut.lnk [2012/07/11 21:44:47 \| 000,001,193 \| ---- \| M] () -- C:\Users\kim\Desktop\My Documents - Shortcut.lnk [2012/07/11 21:22:03 \| 000,001,111 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/11 21:21:43 \| 000,002,016 \| ---- \| M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/07/11 21:20:20 \| 000,000,894 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/11 21:17:30 \| 000,015,984 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/11 21:17:30 \| 000,015,984 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/11 21:15:40 \| 000,726,444 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/11 21:15:40 \| 000,624,162 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/11 21:15:40 \| 000,106,538 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/11 21:10:10 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/07/11 21:10:06 \| 3213,537,280 \| -HS- \| M] () -- C:\hiberfil.sys [2012/07/04 10:11:21 \| 000,000,324 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForkim.job [2012/07/03 13:46:44 \| 000,024,904 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/02 09:34:24 \| 000,001,847 \| ---- \| M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/06/15 07:47:11 \| 000,329,176 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/12 19:17:36 \| 000,002,379 \| ---- \| M] () -- C:\Users\Public\Desktop\Norton 360.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/11 21:44:59 \| 000,001,180 \| ---- \| C] () -- C:\Users\kim\Desktop\My Pictures - Shortcut.lnk [2012/07/11 21:44:55 \| 000,001,153 \| ---- \| C] () -- C:\Users\kim\Desktop\My Music - Shortcut.lnk [2012/07/11 21:44:47 \| 000,001,193 \| ---- \| C] () -- C:\Users\kim\Desktop\My Documents - Shortcut.lnk [2012/07/11 21:22:03 \| 000,001,111 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/11 21:21:12 \| 000,002,016 \| ---- \| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/07/11 21:21:11 \| 000,002,441 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/07/02 09:34:24 \| 000,001,847 \| ---- \| C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/01/21 13:10:43 \| 000,014,358 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1]_navi.JPG [2012/01/21 13:10:30 \| 000,029,401 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1].JPG [2012/01/21 13:10:30 \| 000,028,104 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1].0 [2011/11/13 21:08:36 \| 001,939,766 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUALHEALTHASSESS.0 [2011/11/13 21:08:36 \| 000,407,504 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUALHEALTHASSESS.JPG [2011/05/15 22:10:07 \| 000,001,854 \| ---- \| C] () -- C:\Users\kim\AppData\Roaming\GhostObjGAFix.xml [2010/08/15 10:02:13 \| 000,001,212 \| ---- \| C] () -- C:\Users\kim\AppData\Roaming\wklnhst.dat [2009/11/08 10:14:39 \| 000,129,173 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpHWEEN3[1].JPG [color=#E56717]========== LOP Check ==========[/color] [2009/12/31 22:17:40 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\American Airlines DealFinder [2011/07/31 11:13:04 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/11/01 20:47:07 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\PictureMover [2010/08/15 10:02:14 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\Template [2009/11/16 17:47:14 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\WinBatch [2012/05/01 07:55:50 \| 000,000,552 \| ---- \| M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2011/09/16 21:23:19 \| 000,032,646 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] -- He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain. Debunking the 2012 hysteria. \| Always looking for a new job \| Begging the Wilpons to sell the Mets.
	to forum · permalink · 2012-07-12 20:46:24 ·

Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3 Reviews: ·Verizon FiOS ·Vonage	EXTRAS.TXT OTL Extras logfile created on: 7/11/2012 9:47:31 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.99 Gb Total Physical Memory \| 1.80 Gb Available Physical Memory \| 45.12% Memory free 7.98 Gb Paging File \| 6.00 Gb Available in Paging File \| 75.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 453.72 Gb Total Space \| 398.72 Gb Free Space \| 87.88% Space Free \| Partition Type: NTFS Drive D: \| 11.95 Gb Total Space \| 2.17 Gb Free Space \| 18.19% Space Free \| Partition Type: NTFS Computer Name: KIM-PC \| User Name: kim \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications) "C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications) "C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0123D01B-9FDB-4D89-9182-7DD0186000EF}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{1AF780D4-DC33-462D-857C-1158A8B4765E}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{3187C89F-BE6C-4115-A8E4-59256725AF24}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{3327741C-E000-4024-B9A1-61B0BF775F15}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{38713877-20EB-43E8-9D2E-9D325ADC7A85}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{3ACB6018-B801-41CE-BF35-3D6A7B991B33}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{496A5525-8B11-4498-87E9-198D01897CA2}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{543E0CFD-AF41-4D92-9045-B7C67250246E}" = lport=10243 \| protocol=6 \| dir=in \| app=system \| "{658F0FA4-63AD-4F28-BDC2-C1FC692F9430}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{6B4AFB30-9429-479B-ADA3-A11993504559}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{6FBB2945-F8B9-4617-AA0A-56DDEAF2E636}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{7034A96B-027D-4B76-A20A-CF96EF7AB826}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{7B6DBD1E-C3CB-4886-A1B0-F89FD4D1D3ED}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{7BF04354-CA46-4753-93B8-D659B33B0A39}" = rport=10243 \| protocol=6 \| dir=out \| app=system \| "{A118F8F1-BB60-499F-8749-B2121CF4E0F3}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{AF30EA06-52D9-4E96-B520-9899AF0AEF49}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{B2B7BB87-83BF-45D7-9ED0-DE06D37B6232}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{C5426BD3-FA22-46D4-A188-080175D56FA3}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{CBEF0ED1-0258-4766-BDDF-A6B6F487CCCF}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{D153C395-D1A8-4CFA-9069-D12A2FF12293}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{D5FB5BDA-7E8B-43DD-9B9D-D6D5C2E15A81}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{D61D9534-B27C-4213-BA1E-16AE94F6262E}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{F0BCBB61-DFB1-4CAB-B396-0DD412248B58}" = lport=139 \| protocol=6 \| dir=in \| app=system \| [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09465775-2867-42A9-935F-C31A01C89643}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{13A9AC43-A5A5-49FE-BF27-2851F5508CB7}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe \| "{17626CE9-DE35-4555-86EA-9BECBB936462}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{1995747A-A66A-4118-AA79-D53B5A615722}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{1BAF501C-0C99-4217-BB6F-FB94AC9B9918}" = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{25CC5245-A258-4FFA-96BC-4582E8258371}" = protocol=17 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{326FA30D-9501-4DD6-A89F-A19EEB058361}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe \| "{363E2750-E3FF-4F69-B927-FC104D6CB7E6}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{3F512A65-E71B-4455-9964-63DF18393931}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe \| "{4065D34D-3CBC-4FD1-B47C-236A970F649D}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{46A32259-CB4D-46DA-B7A7-D31394591A52}" = dir=in \| app=c:\program files (x86)\itunes\itunes.exe \| "{473723DE-5F21-4A49-8DDA-BD333B4B43D3}" = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{48B89C30-B9B7-4BE4-89E2-CBC3828750D4}" = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{4A028820-CCF8-4F1F-8994-EE5D8F611C73}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe \| "{4B258193-1DCA-4409-8029-128D912F7A55}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe \| "{4BBC4292-49A4-4124-B874-FDC81866C7CE}" = dir=in \| app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe \| "{586CC949-E695-4BF3-BDC9-660B3A71AEBB}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{5A4BBCA3-C4FB-4AD6-8D03-8B665C1B9D30}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{5CB216D6-80F9-4567-BF5E-B51AC379B6DC}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe \| "{5EFC787D-53DB-407C-968D-65EAD107CC94}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe \| "{605789A6-2FB7-4A97-994B-7B6DCD0D3876}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{62BB38EB-3714-446E-8C98-5F39130DB581}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe \| "{65FD7CD5-7EDA-493F-BB5C-BAE64B8EC91E}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe \| "{7184B98C-BCE4-4415-AE77-829E01FA9198}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{7E9B213B-5C1B-4625-8E57-1897874680CD}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{80855AD1-9519-476F-8964-5FE3756097BC}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{8465BFCF-D3B9-4642-9033-9CFE4DC34240}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe \| "{85C9FA15-69BD-46B9-A243-3B83CD3B61FD}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe \| "{88CD7623-3B49-4A66-B2F3-ED64478BEB12}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{930B7BD4-711F-4D0D-B36C-620E0FB9C94D}" = protocol=6 \| dir=out \| app=system \| "{970E5F6C-8F82-4568-99FD-8A5E83BD3D2A}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{9DDC311C-99D3-411D-B339-AE42437975AB}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{9F252303-670F-4898-9A3F-9C336CA334D9}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{A05ED65F-1B57-40D6-84CA-E849E531EBF8}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe \| "{B10B035F-5C23-4CB7-887D-D0CD852943F3}" = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{BA02F517-797F-4F47-9D8B-727370A43F5C}" = protocol=6 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| "{BE4B3CE7-7C5B-416D-890F-647DD0757D4D}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe \| "{CA1A5CEF-84CC-48BA-9FFA-BD3CF020C4C5}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe \| "{CBD5BA76-0B38-4CB2-9AA1-4D6B6E8EDC8A}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{DD31F8E9-3961-4E8C-AE33-6913C1F30C61}" = dir=in \| app=c:\program files (x86)\skype\phone\skype.exe \| "{EB32928F-4DF1-4D44-940A-5B6CBDC1909E}" = dir=in \| app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe \| "{FC63B8ED-AAC5-4DD5-ADAD-50373268EADC}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe \| "{FFD26CBB-A4CA-48EC-A2B3-3D3B4C9CD5B0}" = dir=in \| app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe \| "TCP Query User{2AB5CF94-452E-45C3-873A-3F5177192F5E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\internet explorer\iexplore.exe \| "UDP Query User{2540F9CC-366B-4374-BAEB-730A48E3D649}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\internet explorer\iexplore.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OfficeTrial" = Microsoft Office Home and Student 60 day trial "PC-Doctor for Windows" = Hardware Diagnostic Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup "Adobe AIR" = Adobe AIR "American Airlines DealFinder" = American Airlines DealFinder (remove only) "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "Homepage Protection" = Homepage Protection "HP Remote Solution" = HP Remote Solution "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "N360" = Norton 360 "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SelectRebatesUninstall" = ShopAtHome SelectRebates "TTB000001.TTB000001Toolbar" = CouponBar "WildTangent hp Master Uninstall" = HP Games "YTdetect" = Yahoo! Detect "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 6/25/2012 11:17:34 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4555 Error - 6/25/2012 11:17:35 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/25/2012 11:17:35 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5553 Error - 6/25/2012 11:17:35 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5553 Error - 6/25/2012 11:17:36 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/25/2012 11:17:36 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6552 Error - 6/25/2012 11:17:36 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6552 Error - 6/25/2012 11:17:37 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/25/2012 11:17:37 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7550 Error - 6/25/2012 11:17:37 AM \| Computer Name = kim-PC \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7550 [ Hewlett-Packard Events ] Error - 5/13/2012 3:14:40 PM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/16/2012 7:51:13 AM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 4000 Description = Error - 5/16/2012 7:54:31 AM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 4000 Description = Error - 5/16/2012 8:03:15 AM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/16/2012 8:03:15 AM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/21/2012 8:24:08 PM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/21/2012 8:24:09 PM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/27/2012 12:04:03 PM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 5/27/2012 12:04:03 PM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) Error - 6/3/2012 11:35:52 AM \| Computer Name = kim-PC \| Source = HPSF.exe \| ID = 2000 Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow, Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) [ System Events ] Error - 9/5/2011 11:00:52 AM \| Computer Name = kim-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 9/6/2011 8:19:11 AM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error - 9/6/2011 8:20:15 AM \| Computer Name = kim-PC \| Source = DCOM \| ID = 10010 Description = Error - 9/28/2011 10:48:50 PM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error - 10/4/2011 8:01:57 AM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 10/4/2011 8:02:06 AM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 10/4/2011 8:03:06 AM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1056 Error - 10/15/2011 10:59:37 PM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 10/30/2011 10:32:29 AM \| Computer Name = kim-PC \| Source = Service Control Manager \| ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 10/30/2011 12:51:17 PM \| Computer Name = kim-PC \| Source = DCOM \| ID = 10010 Description = CHECKUP.TXT Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! ESET Online Scanner v3 Norton 360 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Java(TM) 6 Update 26 [color=red]Out of date Java installed![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] Norton ccSvcHst.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe ``````````End of Log```````````` ESET ONLINE SCANNER(FOUND NOTHING) ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK -- He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain. Debunking the 2012 hysteria. \| Always looking for a new job \| Begging the Wilpons to sell the Mets.
	to forum · permalink · 2012-07-12 20:48:20 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to Jeffrey The logs are clean of anything major. There are a few items, however, that need to be removed. Also I want to do a deeper check for rootkits as a safety measure. First: Please use Add/Remove Programs to uninstall the programs listed below. All have adware and privacy issues. "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "SelectRebatesUninstall" = ShopAtHome SelectRebates "TTB000001.TTB000001Toolbar" = CouponBar Second: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-13 10:35:34 ·
Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3 Reviews: ·Verizon FiOS ·Vonage	said by LoPhatPhuud: First: Please use Add/Remove Programs to uninstall the programs listed below. All have adware and privacy issues. "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "SelectRebatesUninstall" = ShopAtHome SelectRebates "TTB000001.TTB000001Toolbar" = CouponBar Done. said by LoPhatPhuud: Second: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications Done. I installed and ran Sophos Anti-Rootkit, but it would only let me check "Windows Registry" and "Local Hard Drives". The "Running Processes" box was greyed-out. ophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc Started logging on 7/13/2012 at 18:55:01 PM User "kim" on computer "KIM-PC" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d6\cltLMS1.dat Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d6\cltLMS2.dat Hidden: file C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\De finitions\VirusDefs\20120711.018\VersionInfo.dat Hidden: file C:\Windows\SysWOW64\en-US\osk.exe.mui Hidden: file C:\Windows\System32\nshipsec.dll Info: Starting disk scan of D: (NTFS). Hidden: file D:\hp\Apps\APP04585\src\ISSetup.dll Hidden: file D:\hp\Apps\APP04585\src\Power2Go.Gadget\images\audio\audio0001.png Stopped logging on 7/14/2012 at 10:45:28 AM (The scan didn't really take over-night, but I fell asleep and it looks like the PC went to sleep itself, and paused the scan.) -- He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain. Debunking the 2012 hysteria. \| Always looking for a new job \| Begging the Wilpons to sell the Mets.
	to forum · permalink · 2012-07-14 11:01:16 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to Jeffrey Everything looks ok. One more item to remove via Add/Remove Programs: Inbox Toolbar Once you have that removed, run OTL again, and post the new log in this thread. Note that there will not be a new Extras log. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-14 11:19:32 ·
Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3 Reviews: ·Verizon FiOS ·Vonage 1 edit	Thank you. I removed that program, and here is the new OTL log. OTL logfile created on: 7/14/2012 4:10:41 PM - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.99 Gb Total Physical Memory \| 2.41 Gb Available Physical Memory \| 60.43% Memory free 7.98 Gb Paging File \| 6.30 Gb Available in Paging File \| 79.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 453.72 Gb Total Space \| 400.16 Gb Free Space \| 88.20% Space Free \| Partition Ty pe: NTFS Drive D: \| 11.95 Gb Total Space \| 2.17 Gb Free Space \| 18.19% Space Free \| Partition Type: NTFS Computer Name: KIM-PC \| User Name: kim \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/07/12 20:26:39 \| 000,686,280 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Wi ndows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe PRC - [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| M] (OldTimer Tools) -- C:\Users\kim\Desk top\OTL.exe PRC - [2012/02/24 09:09:05 \| 000,307,824 \| ---- \| M] (Google Inc.) -- C:\Program Files (x8 6)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011/04/16 20:45:11 \| 000,130,008 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe PRC - [2011/03/28 18:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) -- C:\Progr am Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/07/12 12:53:00 \| 000,399,032 \| ---- \| M] (Cisco Systems, Inc.) -- C:\Program F iles (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010/03/03 20:16:06 \| 000,013,336 \| ---- \| M] (Intel Corporation) -- C:\Program Fil es (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/03 20:16:04 \| 000,284,696 \| ---- \| M] (Intel Corporation) -- C:\Program Fil es (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/12/01 20:49:52 \| 000,210,216 \| ---- \| M] (CyberLink) -- c:\Program Files (x86) \Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009/10/20 14:50:34 \| 000,128,296 \| ---- \| M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009/06/03 15:35:16 \| 000,430,080 \| ---- \| M] (Hewlett-Packard Company) -- C:\Progr am Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2009/05/26 04:36:13 \| 000,656,896 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2009/03/17 04:26:16 \| 000,759,728 \| ---- \| M] (Skinkers Communications) -- C:\Progr am Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe PRC - [2008/11/20 13:47:28 \| 000,062,768 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/06/15 07:47:54 \| 012,436,480 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms .ni.dll MOD - [2012/06/14 08:25:17 \| 014,340,608 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramewor k.ni.dll MOD - [2012/06/14 08:25:01 \| 001,591,808 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/14 08:24:57 \| 012,237,824 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/12 09:54:36 \| 001,051,136 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dl l MOD - [2012/05/12 09:54:35 \| 000,452,608 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll MOD - [2012/05/12 09:49:50 \| 000,368,128 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramewor k.Aero.ni.dll MOD - [2012/05/12 09:49:37 \| 000,771,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remot ing.ni.dll MOD - [2012/05/12 09:49:36 \| 006,611,456 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/12 09:49:11 \| 000,185,344 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dl l MOD - [2012/05/12 09:49:03 \| 003,347,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/12 09:48:59 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/12 09:48:56 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration .ni.dll MOD - [2012/05/12 09:48:55 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/12 09:48:50 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/02/07 09:00:21 \| 000,036,920 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\HP .ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011/06/24 22:56:36 \| 000,087,328 \| ---- \| M] () -- C:\Program Files (x86)\Common F iles\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 \| 001,241,888 \| ---- \| M] () -- C:\Program Files (x86)\Common F iles\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/04 21:58:05 \| 002,927,616 \| ---- \| M] () -- C:\Windows\assembly\GAC_32\Syst em.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/06/30 00:12:54 \| 000,061,440 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/06/30 00:12:52 \| 000,131,072 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/06/30 00:12:42 \| 000,040,960 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingServer.dll MOD - [2010/06/30 00:12:40 \| 000,036,864 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingClients.dll MOD - [2010/06/30 00:12:40 \| 000,007,680 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\RemotingClient.dll MOD - [2010/06/30 00:12:40 \| 000,005,632 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingInterface.dll MOD - [2010/06/30 00:12:36 \| 000,018,944 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingMessages.dll MOD - [2010/06/30 00:12:18 \| 000,028,672 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009/12/01 20:49:50 \| 000,931,112 \| ---- \| M] () -- c:\Program Files (x86)\Hewlett- Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009/07/13 21:15:45 \| 000,364,544 \| ---- \| M] () -- C:\Windows\SysWOW64\msjetoledb4 0.dll MOD - [2009/06/03 15:43:14 \| 001,703,936 \| ---- \| M] () -- C:\Users\kim\AppData\Roaming\Pi ctureMover\EN-US\Presentation.dll MOD - [2009/06/03 15:34:18 \| 003,764,224 \| ---- \| M] () -- C:\Users\kim\AppData\Roaming\Pi ctureMover\Bin\Core.dll MOD - [2009/05/26 04:36:13 \| 000,656,896 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Remote Solution\HP_Remote_Solution.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2009/07/13 21:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/12 20:26:39 \| 000,250,056 \| ---- \| M] (Adobe Systems Incorporated) [On_Dema nd \| Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (Adobe FlashPlayerUpdateSvc) SRV - [2012/02/15 14:30:18 \| 000,158,856 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/09/09 18:10:28 \| 000,086,072 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Run ning] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- ( HP Support Assistant Service) SRV - [2011/04/16 20:45:11 \| 000,130,008 \| R--- \| M] (Symantec Corporation) [Auto \| Runnin g] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011/03/28 18:07:50 \| 000,094,264 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Run ning] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe ) SRV - [2010/07/12 12:53:00 \| 000,399,032 \| ---- \| M] (Cisco Systems, Inc.) [Auto \| Running ] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010/03/18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopp ed] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4. 0.30319_32) SRV - [2010/03/03 20:16:06 \| 000,013,336 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/06/10 17:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| S topped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization _v2.0.50727_32) SRV - [2009/05/22 14:02:20 \| 000,250,616 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stop ped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameCon soleService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012/03/01 02:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/10 13:58:01 \| 000,174,200 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEv ent) DRV:64bit: - [2011/07/06 12:44:00 \| 000,034,288 \| ---- \| M] (GEAR Software Inc.) [K ernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiW DM) DRV:64bit: - [2011/04/20 21:37:49 \| 000,386,168 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sy s -- (SymNetS) DRV:64bit: - [2011/03/30 23:00:09 \| 000,744,568 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\sr tsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/30 23:00:09 \| 000,040,568 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.s ys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/14 22:31:23 \| 000,912,504 \| R--- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa6 4.sys -- (SymEFA) DRV:64bit: - [2011/03/11 02:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices ) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices ) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/18 16:36:58 \| 000,051,712 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/01/27 02:47:10 \| 000,450,680 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 01:07:06 \| 000,171,128 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sy s -- (SymIRON) DRV:64bit: - [2010/11/20 09:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Compan y) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/12 12:53:00 \| 000,027,640 \| ---- \| M] (Cisco Systems, Inc.) [ Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2010/05/26 10:39:08 \| 000,006,144 \| ---- \| M] (Sophos Plc) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\9DEE.tmp -- (MEMSWEEP2) DRV:64bit: - [2010/03/03 19:51:40 \| 000,540,696 \| ---- \| M] (Intel Corporation) [Ke rnel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/08/20 20:05:06 \| 000,239,616 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\driv ers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 21:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kern el \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [K ernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/16 07:32:14 \| 006,112,672 \| ---- \| M] (Intel Corporation) [Ke rnel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 16:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Wor ks, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- ( hcw85cir) DRV - [2012/06/18 20:01:13 \| 001,161,376 \| ---- \| M] (Symantec Corporation) [Kernel \| Syst em \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.2 9\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/06/14 14:39:24 \| 000,509,088 \| ---- \| M] (Symantec Corporation) [Kernel \| Syst em \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.2 9\Definitions\IPSDefs\20120713.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/05/31 08:06:57 \| 000,484,512 \| ---- \| M] (Symantec Corporation) [Kernel \| Syst em \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/05/31 08:06:57 \| 000,138,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_D emand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtil RebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/05/15 22:10:35 \| 002,068,600 \| ---- \| M] (Symantec Corporation) [Kernel \| On_D emand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1. 0.29\Definitions\VirusDefs\20120713.035\ex64.sys -- (NAVEX15) DRV - [2012/05/15 22:10:35 \| 000,120,440 \| ---- \| M] (Symantec Corporation) [Kernel \| On_D emand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1. 0.29\Definitions\VirusDefs\20120713.035\eng64.sys -- (NAVENG) DRV - [2009/07/13 21:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.r edirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA99 90} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ht tp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?} &ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = ht tp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = ht tp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect. hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank .htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com /svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.googl e.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEnco ding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.c om/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing. com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect. hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/ search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com /svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {E715678E-6F58-4CEF-AB9F-F1F4D371F022} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.googl e.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEnco ding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en IE - HKCU\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.c om/web?q={searchterms}&l=dis&o=ushpd IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.c om/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.i nbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80110&lng=en IE - HKCU\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing. com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = * .local [color=#E56717]========== FireFox ==========[/color] FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Prog ram Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iT unes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Go ogle\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\b in\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86 )\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Fi les (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Fi les (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Re ader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-4176 4D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSF FPlgn\ [2012/05/04 11:50:39 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2 F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFF Plgn_2011_7_9_4 [2012/07/14 15:46:50 \| 000,000,000 \| ---D \| M] [color=#E56717]========== Chrome ==========[/color] CHR - homepage: »www.google.com/ O1 HOSTS File: ([2009/06/10 17:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\dri vers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files ( x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppDat a\Local\Temp\low\COUPON~1.DLL File not found O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Pr ogram Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\ Common Files\Homepage Protection\HomepageProtection.dll (AOL Products) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Fil es (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD 4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8 414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\ AppData\Local\Temp\low\CouponsBar.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Progr am Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18 -009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C: \Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corpora tion) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corpora tion) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corp oration) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\ SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [American Airlines DealFinder] C:\Program Files (x86)\American Airlines D ealFinder\American_Airlines_DealFinder.exe (Skinkers Communications) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application S upport\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Sol ution\HP_Remote_Solution.exe () O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.ex e (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technolo gy\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Onlin e Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITr ansfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChan ges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehavior Admin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehavior User = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Progr am Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A. ) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techno logies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program File s\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\ mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} »access.ise.com/CACHE/stc/2/binar ies/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} »access.ise.com/CACHE/sdesktop/in stall/binaries/instweb.cab (CSD ActiveX Installer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/Onl ineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlusP lus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.22 0.220 167.206.254.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAA253F-3C4D-4C3F-BE1D-913601 7FB020}: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Pro gram Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S. A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Micro soft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Wind ows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windo ws\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microso ft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNativ e\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID va lue found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell - "" = AutoRun O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell\AutoRun\command - "" = J:\ TL_Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/13 18:54:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\Sophos [2012/07/13 18:54:51 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Sophos [2012/07/12 20:26:39 \| 000,426,184 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerApp.exe [2012/07/11 21:54:15 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2012/07/11 21:50:16 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\mshtmled.dll [2012/07/11 21:50:16 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\mshtmled.dll [2012/07/11 21:50:15 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ieui.dll [2012/07/11 21:50:15 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\url.dll [2012/07/11 21:50:15 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\url.dll [2012/07/11 21:50:15 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\ieui.dll [2012/07/11 21:50:14 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ieUnatt.exe [2012/07/11 21:50:14 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\ieUnatt.exe [2012/07/11 21:50:13 \| 002,311,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\jscript9.dll [2012/07/11 21:50:13 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\inetcpl.cpl [2012/07/11 21:50:13 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\inetcpl.cpl [2012/07/11 21:50:13 \| 000,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\jscript.dll [2012/07/11 21:50:13 \| 000,716,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\jscript.dll [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| C] (OldTimer Tools) -- C:\Users\kim\Desktop\OT L.exe [2012/07/11 21:22:08 \| 000,000,000 \| ---D \| C] -- C:\Users\kim\AppData\Roaming\Malwarebyte s [2012/07/11 21:22:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\Malwarebytes' Anti-Malware [2012/07/11 21:22:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2012/07/11 21:22:02 \| 000,024,904 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\Sy sNative\drivers\mbam.sys [2012/07/11 21:22:02 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Ant i-Malware [2012/07/11 21:16:00 \| 000,307,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ncrypt.dll [2012/07/11 21:15:57 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\msxml3r.dll [2012/07/11 21:15:57 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\msxml3r.dll [2012/07/11 21:15:53 \| 001,133,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\cdosys.dll [2012/07/11 21:15:53 \| 000,805,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWo w64\cdosys.dll [2012/07/02 09:34:24 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\QuickTime [2012/06/21 07:42:05 \| 002,622,464 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wucltux.dll [2012/06/21 07:42:05 \| 000,057,880 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuauclt.exe [2012/06/21 07:42:05 \| 000,044,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wups2.dll [2012/06/21 07:41:54 \| 000,701,976 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuapi.dll [2012/06/21 07:41:54 \| 000,099,840 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wudriver.dll [2012/06/21 07:41:54 \| 000,038,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wups.dll [2012/06/21 07:41:43 \| 000,186,752 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuwebv.dll [2012/06/21 07:41:43 \| 000,036,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuapp.exe [2 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/14 16:06:50 \| 000,000,894 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMach ineCore.job [2012/07/14 15:54:01 \| 000,015,984 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-49 7e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 15:54:01 \| 000,015,984 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-49 7e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 15:53:00 \| 000,000,898 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMach ineUA.job [2012/07/14 15:50:57 \| 000,726,444 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup .INI [2012/07/14 15:50:57 \| 000,624,162 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/14 15:50:57 \| 000,106,538 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/14 15:46:42 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/07/14 15:46:38 \| 3213,537,280 \| -HS- \| M] () -- C:\hiberfil.sys [2012/07/14 15:45:31 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player U pdater.job [2012/07/13 18:53:16 \| 000,000,000 \| ---- \| M] () -- C:\install.rdf [2012/07/12 20:26:39 \| 000,426,184 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerApp.exe [2012/07/12 20:26:39 \| 000,070,344 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerCPLApp.cpl [2012/07/12 20:25:39 \| 000,329,176 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/11 21:46:46 \| 000,596,480 \| ---- \| M] (OldTimer Tools) -- C:\Users\kim\Desktop\OT L.exe [2012/07/11 21:44:59 \| 000,001,180 \| ---- \| M] () -- C:\Users\kim\Desktop\My Pictures - Sh ortcut.lnk [2012/07/11 21:44:55 \| 000,001,153 \| ---- \| M] () -- C:\Users\kim\Desktop\My Music - Short cut.lnk [2012/07/11 21:44:47 \| 000,001,193 \| ---- \| M] () -- C:\Users\kim\Desktop\My Documents - S hortcut.lnk [2012/07/11 21:22:03 \| 000,001,111 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/11 21:21:43 \| 000,002,016 \| ---- \| M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/07/04 10:11:21 \| 000,000,324 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForkim. job [2012/07/03 13:46:44 \| 000,024,904 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\Sy sNative\drivers\mbam.sys [2012/07/02 09:34:24 \| 000,001,847 \| ---- \| M] () -- C:\Users\Public\Desktop\QuickTime Pla yer.lnk [2 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/13 18:53:16 \| 000,000,000 \| ---- \| C] () -- C:\install.rdf [2012/07/12 20:26:41 \| 000,000,830 \| ---- \| C] () -- C:\Windows\tasks\Adobe Flash Player U pdater.job [2012/07/11 21:44:59 \| 000,001,180 \| ---- \| C] () -- C:\Users\kim\Desktop\My Pictures - Sh ortcut.lnk [2012/07/11 21:44:55 \| 000,001,153 \| ---- \| C] () -- C:\Users\kim\Desktop\My Music - Short cut.lnk [2012/07/11 21:44:47 \| 000,001,193 \| ---- \| C] () -- C:\Users\kim\Desktop\My Documents - S hortcut.lnk [2012/07/11 21:22:03 \| 000,001,111 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/11 21:21:12 \| 000,002,016 \| ---- \| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/07/11 21:21:11 \| 000,002,441 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Star t Menu\Programs\Adobe Reader 9.lnk [2012/07/02 09:34:24 \| 000,001,847 \| ---- \| C] () -- C:\Users\Public\Desktop\QuickTime Pla yer.lnk [2012/01/21 13:10:43 \| 000,014,358 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1]_navi.JPG [2012/01/21 13:10:30 \| 000,029,401 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1].JPG [2012/01/21 13:10:30 \| 000,028,104 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1].0 [2011/11/13 21:08:36 \| 001,939,766 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUA LHEALTHASSESS.0 [2011/11/13 21:08:36 \| 000,407,504 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUA LHEALTHASSESS.JPG [2011/05/15 22:10:07 \| 000,001,854 \| ---- \| C] () -- C:\Users\kim\AppData\Roaming\GhostObj GAFix.xml [2010/08/15 10:02:13 \| 000,001,212 \| ---- \| C] () -- C:\Users\kim\AppData\Roaming\wklnhst. dat [2009/11/08 10:14:39 \| 000,129,173 \| ---- \| C] () -- C:\Users\kim\AppData\Local\tmpHWEEN3[ 1].JPG [color=#E56717]========== LOP Check ==========[/color] [2009/12/31 22:17:40 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\American Ai rlines DealFinder [2011/07/31 11:13:04 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\com.adobe.m auby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/11/01 20:47:07 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\PictureMove r [2010/08/15 10:02:14 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\Template [2009/11/16 17:47:14 \| 000,000,000 \| ---D \| M] -- C:\Users\kim\AppData\Roaming\WinBatch [2012/05/01 07:55:50 \| 000,000,552 \| ---- \| M] () -- C:\Windows\Tasks\PCDRScheduledMainten ance.job [2011/09/16 21:23:19 \| 000,032,646 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] End of report -- He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain. Debunking the 2012 hysteria. \| Always looking for a new job \| Begging the Wilpons to sell the Mets.
	to forum · permalink · 2012-07-14 16:55:44 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to Jeffrey OK, just some cleanup for junk the uninstallers dod not remove and we should be done. Run OTL []Under the Custom Scans/Fixes* box at the bottom, copy and paste the contents of the following box: :OTL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/ search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.i nbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80110&lng=en O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppDat a\Local\Temp\low\COUPON~1.DLL File not found O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\ AppData\Local\Temp\low\CouponsBar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C: \Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found :Services :Reg :Files :Commands [purity] [emptytemp] [EMPTYFLASH] [Reboot] []Then click the Run Fix* button at the top []Let the program run unhindered, reboot the PC when it is done []Once you see a message box "Fix complete! Click OK to open the fix log." []Click the OK button []The log will open in Notepad (your default text editor). {]Save the log. Post a copy of that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-14 17:19:03 ·
Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3 Reviews: ·Verizon FiOS ·Vonage	Here is the copy of the log from OTL after the last set of instructions. It did ask for a reboot, so I did it. Then on reboot, I Norton360 flagged OTL as a virus, which it wasn't, so I just had to deal with that. (Oddly, 360 called OTL a virus from the first download link in the instructions at the top of this forum, but it called OTL "safe" from the second download link.) Anyway, here is the OTL log that I found by going into Notepad and finding it in the _OTL folder from C:. All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar\| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22 -5AEC-4561-8F49-27F6269208F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208 F6}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B878 3A}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930- 2E9E-76D8-BACC-80DF2188D455} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D4 55}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ {5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D4 55}\ not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: kim ->Temp folder emptied: 6827635 bytes ->Temporary Internet Files folder emptied: 13028382 bytes ->Java cache emptied: 12049796 bytes ->Google Chrome cache emptied: 6260932 bytes ->Flash cache emptied: 107215 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 12288 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 851640 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Inte rnet Files folder emptied: 36045734 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 72.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: kim ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07152012_085544 Files\Folders moved on Reboot... File move failed. C:\Users\kim\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be m oved on reboot. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SN9D XSV9\ads[4].htm moved successfully. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SN9D XSV9\ddc[1].htm moved successfully. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J3B0 8Q6I\ads[2].htm moved successfully. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J3B0 8Q6I\ads[3].htm moved successfully. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT mov ed successfully. File move failed. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Lo w\SuggestedSites.dat scheduled to be moved on reboot. PendingFileRenameOperations files... [2012/07/14 16:07:01 \| 000,000,000 \| ---- \| M] () C:\Users\kim\AppData\Local\Temp\FXSAPIDe bugLogFile.txt : Unable to obtain MD5 File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \SN9DXSV9\ads[4].htm not found! File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \SN9DXSV9\ddc[1].htm not found! File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \J3B08Q6I\ads[2].htm not found! File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \J3B08Q6I\ads[3].htm not found! File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DA T not found! [2012/07/12 20:28:49 \| 005,242,991 \| ---- \| M] () C:\Users\kim\AppData\Local\Microsoft\Win dows\Temporary Internet Files\Low\SuggestedSites.dat : Unable to obtain MD5 Registry entries deleted on Reboot... -- He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain. Debunking the 2012 hysteria. \| Always looking for a new job \| Begging the Wilpons to sell the Mets.
	to forum · permalink · 2012-07-15 12:16:27 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to Jeffrey OK, we're finished. Cleanup instructions follow.. Cleaning Up: Delete TFC: Delete the TFC icon on your Desktop Delete OTL: Double click the OTL icon on your Desktop Press the 'Cleanup' button Delete Security Check: Delete the SecurityCheck icon on your Desktop Delete Malware Bytes: We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it. Delete Sophos AntiRootkit If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs. Other Programs: If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-15 12:26:51 ·
Jeffrey Connoisseur of leisurely things Premium join:2002-12-24 Long Island kudos:3	reply to Jeffrey Thank you very much for the help. Much appreciated.
	to forum · permalink · 2012-07-15 13:18:19 ·

Broadband Tech > Security > Security Cleanup > Is this PC infected?