Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP PLEASE! SLOW / NON-RESPONSIVE COMPUTER


  • Please log in to reply

#1
nanabentley

nanabentley

    Member

  • Member
  • PipPip
  • 37 posts
Hi my name is Colleen and I have a Compaq Presario CQ60-421NR Notebook PC. It has 3GB of Ram, Pentium Dual-Core CPU T4300 @ 2.10GHZ, 32-bit operating system, 300GB hard drive, running Windows Vista Home Premium SP2. Anyways, I had loaned my laptop to my grandson and when I got it back and I tried to go on the internet and it was very very slow. There is a blue circle in the address bar that just spins and spins or stops altogether. When it does that I cannot even close the browser window without going to task manager and closing it that way. It has gotten worse everyday. There are also 71 to 78 processes going at one time and I am unsure which ones are okay to not have running. It never use to have that many going and I dont want to shut down the wrong things. I believe that I may have a virus or at the very least mal-ware, trojan, etc.... Hopefully someone can help me to figure this out. I have run OTL and am going to paste the logs. There are 2 pages for some reason. Here you go, and thank you guys in advance for the wonderful job that you do for us. You are the greatest.....

OTL logfile created on: 11/7/2011 1:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colleen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.91% Memory free
6.09 Gb Paging File | 4.75 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 26.14 Gb Free Space | 9.10% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.78 Gb Free Space | 16.30% Space Free | Partition Type: NTFS

Computer Name: COLLEEN-PC | User Name: Colleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 13:02:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
PRC - [2011/08/17 22:52:34 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/07/29 06:39:31 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 08:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/23 16:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/10/06 08:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl04b601aa)
DRV - [2011/11/07 04:45:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77B0CC1D-EE49-4F51-9B84-661284A86723}\MpKsl9be2cd24.sys -- (MpKsl9be2cd24)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/10 20:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/06/29 06:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 08:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 18:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Colleen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2011/10/31 08:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colleen\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2011/09/30 14:32:16 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Colleen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23564F98-F41A-44C0-B2B4-4EDA3ED75BA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89606978-4C2F-4DB5-AFD3-5C150929714F}: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{727bc8c8-3ab1-11e0-93b4-001f16de1f34}\Shell - "" = AutoRun
O33 - MountPoints2\{727bc8c8-3ab1-11e0-93b4-001f16de1f34}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 13:02:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
[2011/11/05 21:59:44 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Local\Apple
[2011/11/04 13:48:51 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Local\Adobe
[2011/11/04 13:43:09 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Local\Apple Computer
[2011/11/02 06:12:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/31 08:31:36 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Roaming\Mozilla
[2011/10/20 06:52:18 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Roaming\HpUpdate
[2011/10/20 06:52:14 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/01/15 18:27:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Colleen\AppData\Roaming\pcouffin.sys
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/07 13:02:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
[2011/11/07 12:35:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 12:29:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 12:29:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 10:58:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2792044982-186715216-3042290125-1000UA.job
[2011/11/07 10:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 00:57:41 | 000,607,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 00:57:41 | 000,105,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/06 23:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 23:16:51 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/11/06 23:16:50 | 000,000,680 | ---- | M] () -- C:\Users\Colleen\AppData\Local\d3d9caps.dat
[2011/11/06 23:15:05 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 16:58:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2792044982-186715216-3042290125-1000Core.job
[2011/10/24 11:18:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForColleen.job
[2011/10/20 19:12:34 | 000,000,663 | ---- | M] () -- C:\Users\Colleen\AppData\Roaming\vso_ts_preview.xml
[2011/10/13 02:31:12 | 000,319,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/10/03 12:24:55 | 000,000,680 | ---- | C] () -- C:\Users\Colleen\AppData\Local\d3d9caps.dat
[2011/07/13 18:09:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/13 18:09:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/07 19:40:47 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
[2011/01/15 18:28:18 | 000,000,663 | ---- | C] () -- C:\Users\Colleen\AppData\Roaming\vso_ts_preview.xml
[2011/01/15 18:27:25 | 000,087,608 | ---- | C] () -- C:\Users\Colleen\AppData\Roaming\inst.exe
[2011/01/15 18:27:25 | 000,007,887 | ---- | C] () -- C:\Users\Colleen\AppData\Roaming\pcouffin.cat
[2011/01/15 18:27:25 | 000,001,144 | ---- | C] () -- C:\Users\Colleen\AppData\Roaming\pcouffin.inf
[2011/01/01 18:42:14 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/01/01 18:42:14 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/11/01 19:07:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/01 19:07:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/29 19:08:59 | 000,086,016 | ---- | C] () -- C:\Users\Colleen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 14:16:26 | 000,002,870 | ---- | C] () -- C:\Users\Colleen\AppData\Roaming\wklnhst.dat
[2010/10/26 19:59:37 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/22 06:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 12:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 12:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/29 06:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,319,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,105,356 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/12/29 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\Canon
[2011/01/18 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/09 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\DriverFinder
[2011/02/01 00:46:27 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\eBay
[2011/07/17 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\iWin
[2011/04/25 19:29:40 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\Masque
[2011/01/15 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\muvee Technologies
[2011/09/30 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\redsn0w
[2011/07/13 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/09/08 01:02:18 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\SoftGrid Client
[2011/02/22 21:37:54 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\SpinTop
[2011/04/21 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\SpinTop Games
[2011/05/03 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\Template
[2011/05/03 17:34:24 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\TP
[2011/11/06 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\uTorrent
[2011/06/25 05:14:15 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\V-Games
[2011/10/20 19:10:21 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\Vso
[2011/05/21 07:13:48 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\WildTangent
[2011/05/19 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Colleen\AppData\Roaming\WindSolutions
[2011/11/06 16:58:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2792044982-186715216-3042290125-1000Core.job
[2011/11/07 10:58:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2792044982-186715216-3042290125-1000UA.job
[2011/11/03 06:31:03 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:AA199F0F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:178D4338
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:4AC9B4B7

< End of report >


OTL Extras logfile created on: 11/7/2011 1:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colleen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.91% Memory free
6.09 Gb Paging File | 4.75 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 26.14 Gb Free Space | 9.10% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.78 Gb Free Space | 16.30% Space Free | Partition Type: NTFS

Computer Name: COLLEEN-PC | User Name: Colleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C647AF-58AD-4AE6-8B2A-24700F5CB074}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C7287AE-5B96-49D1-97EC-211702DC0794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E1B021E-2205-46D9-A7AF-3A0E2C8F0682}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0FFAC91A-8B7A-4962-A50D-16F623E7E0FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20D2137B-8207-421A-AD7B-23E217EEC4D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{263C83E8-0B32-41C8-9181-E4EC1645EA9A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DBE5F1E-FE79-41D3-8E4A-B6238E700D12}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EA6ECA3-E6BE-4276-B392-924FAED58E0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B5C2DEC-FEE0-4CDC-BDBD-800DF26B1B39}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F072FF6-7DEA-4562-96A2-5B3CAA9FA4D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C172AC1-AE44-4E19-B100-7DE02D95411F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{89FDC1D1-2770-4F1D-8AA4-256CD3718853}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3169EAC-5BA6-41CB-BA54-388E2F40467B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4D7F710-0586-48A0-B8FF-A759811C3563}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AFB8BA57-5F39-4B02-B374-A68A98F738F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9E1AE09-5BF7-4D09-8EB7-DD4C77B8F41F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CB1F4DCA-1A60-496B-BDAE-61E473B635D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0078F205-B1BA-46EF-9ED2-EA1502CE2CD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0318B7D9-160A-4D46-8017-6EA7467AF0F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0524AD25-DB6C-41F3-8F81-106C66E8F271}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F39DD7A-F4FD-40F1-816C-C29AFE028719}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1DC56694-165E-41B1-908E-F4C10BBEBCDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{260800AA-398C-43C0-9839-1CD608303273}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{310C4F57-EF1E-4364-B391-BFEEA26BE619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47F9A643-A020-43F6-BDD5-4AEA163F04E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4A872011-5723-4777-8549-4F9FAB014A25}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{4B3A7198-0432-4184-98B5-B69F6343C25F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{542DDF62-1608-4706-9E5F-C2F064F39A5E}" = dir=in | app=c:\users\colleen\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5A20BCD2-D166-45C3-B0A0-3360770110B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF22ADB-27FB-44A8-90CA-8A1694B4DD03}" = protocol=6 | dir=out | app=system |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76AF078B-ACC9-41E6-B7E5-E2DE9FFCC2AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{781F269A-00F5-4D8C-80DB-0D35660EE0CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCABB884-63F7-4968-86B8-ED1E5C8D408A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C64AAC5B-B8CA-4C1A-88A4-14E8007AF85C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{DAE0092A-30D0-4205-A595-EC1F14868C67}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E2BFCABC-6639-496C-B90C-B7A33D8960B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E926FDC9-786C-4CAD-BB7E-1EE5646A75D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1FB6C2F-2D8C-48FF-9316-3659431D5355}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{91F24EA9-2B8B-4CDE-A38F-0EEC2284CC41}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{92DE295F-CE4B-4330-972F-41583A75B649}C:\users\colleen\desktop\tinyumbrella-5.00.11.exe" = protocol=6 | dir=in | app=c:\users\colleen\desktop\tinyumbrella-5.00.11.exe |
"UDP Query User{19EE4041-41D8-40E3-B2A9-7CD6E84A9740}C:\users\colleen\desktop\tinyumbrella-5.00.11.exe" = protocol=17 | dir=in | app=c:\users\colleen\desktop\tinyumbrella-5.00.11.exe |
"UDP Query User{71E48ECF-DB5B-4F72-BC04-84CD9DD34058}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0346D86C-D5F6-41FF-949B-01329CA424ED}" = Mysteries of Cleopatra
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E327F60-8679-4C52-B0CB-772049D70358}" = American Adventure
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F47B03B-998D-4331-A887-4E032EE1F04C}" = TNT
"{0FE4ED06-4FC1-4D8B-9A0F-6A95F1831395}" = Space
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{63A731FF-B6E8-4E80-9108-75FD3C7415D0}" = Mirage
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75C31651-35FC-4124-AC09-C1063B113CD8}" = Piggy Bankin
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7FDCE9-761E-44A5-A550-A3E42B15FA62}" = Vodoo
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A636624-62C3-4F04-B425-6B1658731DA2}" = Picnic Panic
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB03FE3E-ADC8-4D3F-B8FF-532C8D9FEE28}" = Poe
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDD094A5-B4DC-46C3-8817-67CD9E65B1D5}" = Reel Deal Slots Adventure World Tour
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{F679B8A1-0BB5-496C-B522-84097EF22CE3}" = Oil Tycoon
"{fe986ae8-5283-4177-9178-52ba8d21bb10}" = Jackpot Capital
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"Club Vegas 20,000 SLOTS - MegaBonus Edition" = Club Vegas 20,000 SLOTS - MegaBonus Edition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Gold VIP Club Casino" = Gold VIP Club Casino
"Grande Vegas Casino" = Grande Vegas Casino
"Hardware Helper_is1" = Hardware Helper
"HDMI" = Intel® Graphics Media Accelerator Driver
"Holly 2 Magic Land1.0" = Holly 2 Magic Land
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27" = Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mystery P.I. Stolen in San Francisco 1.00" = Mystery P.I. Stolen in San Francisco 1.00
"Mystery PI The Vegas Heist 1.00" = Mystery PI The Vegas Heist 1.00
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Reel Deal Slot Quest Alice in Wonderland1.0" = Reel Deal Slot Quest Alice in Wonderland
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultra iPod Movie Converter_is1" = Ultra iPod Movie Converter 5.3.0402
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.1.0)
"Xilisoft ISO Burner" = Xilisoft ISO Burner

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 8:00:13 PM | Computer Name = Colleen-PC | Source = Google Update | ID = 20
Description =

Error - 10/28/2011 3:21:37 PM | Computer Name = Colleen-PC | Source = Google Update | ID = 20
Description =

Error - 10/28/2011 3:30:45 PM | Computer Name = Colleen-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2011 3:40:51 PM | Computer Name = Colleen-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 10/28/2011 5:00:14 PM | Computer Name = Colleen-PC | Source = Google Update | ID = 20
Description =

Error - 10/31/2011 1:54:08 PM | Computer Name = Colleen-PC | Source = Application Error | ID = 1000
Description = Faulting application Ultra iPod Movie Converter.exe, version 1.0.0.1,
time stamp 0x4a263ab8, faulting module AppSys.dll, version 0.0.0.0, time stamp
0x4a2634b1, exception code 0xc0000005, fault offset 0x0000164f, process id 0x1a20,
application start time 0x01cc97f615d2f6b0.

Error - 10/31/2011 1:54:08 PM | Computer Name = Colleen-PC | Source = Application Error | ID = 1000
Description = Faulting application Ultra iPod Movie Converter.exe, version 1.0.0.1,
time stamp 0x4a263ab8, faulting module AppSys.dll, version 0.0.0.0, time stamp
0x4a2634b1, exception code 0xc0000005, fault offset 0x0000164f, process id 0xad4,
application start time 0x01cc97f615d2f6b0.

Error - 10/31/2011 8:25:26 PM | Computer Name = Colleen-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/2/2011 10:15:54 AM | Computer Name = Colleen-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/3/2011 10:32:27 AM | Computer Name = Colleen-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 2/27/2011 6:06:02 PM | Computer Name = Colleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

Error - 4/7/2011 2:50:22 PM | Computer Name = Colleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/3/2011 10:32:27 AM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/3/2011 10:32:27 AM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/3/2011 1:07:39 PM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2011 6:18:20 PM | Computer Name = Colleen-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 002556A344E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/5/2011 6:36:52 PM | Computer Name = Colleen-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.11 for the Network Card with network
address 002556A344E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/6/2011 6:51:35 PM | Computer Name = Colleen-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 002556A344E6.

Error - 11/7/2011 3:15:08 AM | Computer Name = Colleen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:12:17 PM on 11/6/2011 was unexpected.

Error - 11/7/2011 3:15:45 AM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/7/2011 3:15:45 AM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/7/2011 3:15:45 AM | Computer Name = Colleen-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Colleen
0 Report
Back to top of the page up there ^
MultiQuote
Quote Reply
Add Reply
Edit

--------------------------------------------------------------------------------
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,898 posts
  • MVP
Uninstall
Java™ 6 Update 7 (Obsolete. Get the latest at java.com)
eBay Toolbar Featuring Yahoo! (Foistware)
Microsoft Live Search Toolbar (Foistware)
Adobe Reader 9 (Obsolete get the latest at adobe.com)
Adobe Shockwave Player (Obsolete get the latest at adobe.com)
Norton Internet Security
µTorrent


Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Run the Norton Removal tool. Reboot if it asks you to.



Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
Norton Internet Security
MpKsl04b601aa

:OTL
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Colleen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O33 - MountPoints2\{727bc8c8-3ab1-11e0-93b4-001f16de1f34}\Shell - "" = AutoRun
O33 - MountPoints2\{727bc8c8-3ab1-11e0-93b4-001f16de1f34}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config "Norton Internet Security" start= disabled /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Click the "Scan" button to start scan (It will want to download the avast engine so it can run an anti-virus scan. It's optional. Will take longer if it also does the anti-virus scan.)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP