Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer freezes up, runs really slowly, especially on internet

Started by Drexman , Dec 04 2011 07:39 PM

  • Please log in to reply

#1
Drexman
Posted 04 December 2011 - 07:39 PM

Drexman

    Member

  • Member
  • PipPip
  • 25 posts
My daughter's laptop has been running really slow and freezing up (for no apparent reason) for the past 2 days. I have run a virus scan (Avast)which found nothing, and cleared all cookies, temp internet files, etc. I tried to do a system restore, but unfortunately she has zero points to restore to. I would love some help on what to try next to get it back to normal. Oh, also I tried removing unused programs today and Adobe Premiere Elements was one of them, but it wouldn't uninstall...it kept erroring out. Not sure if that is related to the problem.

She is running Windows 7 if that helps.

THANK YOU in advance for your help!

Here is my OTL log:
OTL logfile created on: 12/4/2011 4:49:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gracie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 40.26% Memory free
5.86 Gb Paging File | 3.61 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.47 Gb Total Space | 123.37 Gb Free Space | 56.99% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: GRACIE-HP | User Name: Gracie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 16:47:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gracie\Downloads\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/07/10 18:29:28 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/29 17:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2009/09/06 07:13:22 | 043,230,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\PhotoshopElementsEditor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 12:11:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/23 12:11:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/23 12:11:30 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/11/23 12:10:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/23 12:10:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/23 12:10:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/23 12:09:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/06 07:09:46 | 004,774,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\authplay.dll
MOD - [2009/09/06 06:55:08 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\OperaMgr.dll
MOD - [2009/09/06 06:45:40 | 000,430,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 8.0\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 17:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/11/26 11:34:29 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 12:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 00:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 09:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 09:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 09:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 09:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 09:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 09:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/10/11 17:08:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/22 17:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 17:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/05 11:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/04 19:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/04 08:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/08 07:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gracie\AppData\Roaming\Mozilla\Extensions
[2011/10/08 07:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/04 08:12:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/04 08:14:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D2CF161-1960-49D6-9AB9-EBD4C5C845A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E69046-4B35-4ED2-BFB6-2CF003180388}: DhcpNameServer = 40.5.1.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 21:12:23 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Desktop\pictures
[2011/11/26 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Gracie\AppData\Local\{9A3799B1-A1BF-4DD4-8BE4-9F17B0F449B9}
[2011/11/26 20:00:08 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Amazon MP3
[2011/11/26 19:47:15 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\NewBlueFX
[2011/11/26 19:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/11/26 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Adobe
[2011/11/26 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Desktop\Adobe Premiere Elements 10
[2011/11/26 16:24:01 | 000,000,000 | ---D | C] -- C:\Users\Gracie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/11/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011/11/26 15:40:40 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\ChunkFive
[2011/11/22 14:30:47 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/22 14:30:47 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/22 11:32:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/11/22 11:25:34 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/11/22 11:24:59 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/11/19 13:13:02 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Salaryman
[2011/11/19 13:12:33 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Latin-Modern-Mono
[2011/11/19 13:11:27 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\WC-Sold-Out-Bta
[2011/11/19 13:10:02 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\England-Hand-DB
[2011/11/19 13:09:16 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Diner-Skinny
[2011/11/19 13:08:22 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Impact-Label
[2011/11/19 13:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Raleway
[2011/11/19 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Lane
[2011/11/19 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\NeoRetroDraw
[2011/11/19 13:05:12 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Ballpark
[2011/11/19 13:04:39 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\st-marie
[2011/11/19 13:03:48 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\Quicksand
[2011/11/13 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\Gracie\AppData\Local\{6C2AFB20-B768-4937-ADEB-9B71CEC10ADF}
[2011/11/12 19:36:56 | 000,000,000 | ---D | C] -- C:\Users\Gracie\AppData\Local\{77CFFD3B-1761-4F1D-87E8-7B5C1CBEBCB1}
[2011/11/05 17:07:49 | 000,000,000 | ---D | C] -- C:\Users\Gracie\Documents\hammer_keys

========== Files - Modified Within 30 Days ==========

[2011/12/04 16:27:33 | 003,328,341 | ---- | M] () -- C:\Users\Gracie\Desktop\kristi
[2011/12/04 16:27:33 | 003,328,341 | ---- | M] () -- C:\Users\Gracie\Desktop\IMG_7556.JPG
[2011/12/04 16:05:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 16:05:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 15:57:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/04 15:56:51 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 15:52:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/04 15:29:54 | 000,504,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/02 18:20:55 | 003,476,941 | ---- | M] () -- C:\Users\Gracie\Desktop\stephcard_edited-2.jpg
[2011/12/02 18:20:43 | 026,298,560 | ---- | M] () -- C:\Users\Gracie\Desktop\stephcard_edited-1.psd
[2011/12/02 16:14:23 | 000,216,880 | ---- | M] () -- C:\Users\Gracie\Desktop\radvent.jpg
[2011/12/01 17:50:16 | 000,410,908 | ---- | M] () -- C:\Users\Gracie\Desktop\2011giftlist.jpg
[2011/12/01 17:47:29 | 000,012,158 | ---- | M] () -- C:\Users\Gracie\Desktop\f21.jpg
[2011/12/01 17:46:36 | 000,012,988 | ---- | M] () -- C:\Users\Gracie\Desktop\nakedpallate.jpg
[2011/12/01 17:45:55 | 000,027,030 | ---- | M] () -- C:\Users\Gracie\Desktop\tayswift.jpg
[2011/12/01 17:45:09 | 000,013,682 | ---- | M] () -- C:\Users\Gracie\Desktop\yognuo.jpg
[2011/12/01 17:43:48 | 000,084,331 | ---- | M] () -- C:\Users\Gracie\Desktop\blackberry.png
[2011/12/01 12:47:18 | 000,040,626 | ---- | M] () -- C:\Users\Gracie\Desktop\6414628455_d375efb7ef_o.png
[2011/11/30 21:42:47 | 000,036,463 | ---- | M] () -- C:\Users\Gracie\Desktop\kk.JPG
[2011/11/30 21:40:59 | 000,014,507 | ---- | M] () -- C:\Users\Gracie\Desktop\innovative.JPG
[2011/11/30 21:39:10 | 000,026,739 | ---- | M] () -- C:\Users\Gracie\Desktop\shabbyapple.JPG
[2011/11/30 21:37:31 | 000,074,483 | ---- | M] () -- C:\Users\Gracie\Desktop\atss.JPG
[2011/11/30 21:33:54 | 000,021,346 | ---- | M] () -- C:\Users\Gracie\Desktop\rise&fly.JPG
[2011/11/30 21:29:03 | 000,012,129 | ---- | M] () -- C:\Users\Gracie\Desktop\simplybeautiful.JPG
[2011/11/30 07:16:28 | 003,464,676 | ---- | M] () -- C:\Users\Gracie\Desktop\stephcard_edited-1.jpg
[2011/11/30 07:16:15 | 026,304,423 | ---- | M] () -- C:\Users\Gracie\Desktop\stephcard.psd
[2011/11/29 16:38:27 | 007,146,914 | ---- | M] () -- C:\Users\Gracie\Desktop\steph pic.jpg
[2011/11/29 16:37:18 | 005,300,104 | ---- | M] () -- C:\Users\Gracie\Desktop\scott sign.jpg
[2011/11/28 20:47:23 | 006,313,599 | ---- | M] () -- C:\Users\Gracie\Desktop\seth sign.jpg
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 10:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 10:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 09:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 09:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 09:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 09:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 09:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 09:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/27 13:23:06 | 000,027,755 | ---- | M] () -- C:\Users\Gracie\Desktop\music.jpg
[2011/11/27 13:01:51 | 006,526,232 | ---- | M] () -- C:\Users\Gracie\Desktop\dylan.jpg
[2011/11/27 12:59:00 | 008,578,763 | ---- | M] () -- C:\Users\Gracie\Desktop\lydia.jpg
[2011/11/27 12:11:11 | 006,457,726 | ---- | M] () -- C:\Users\Gracie\Desktop\Claire use this one.jpg
[2011/11/27 09:10:06 | 000,034,578 | ---- | M] () -- C:\Users\Gracie\Desktop\nikon-F-01_preview.jpg
[2011/11/26 22:04:44 | 006,959,413 | ---- | M] () -- C:\Users\Gracie\Desktop\Marissa.jpg
[2011/11/26 20:23:48 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/26 20:23:48 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/26 20:23:48 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/26 19:59:52 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/26 17:59:57 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 10.lnk
[2011/11/26 16:23:50 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/11/26 08:34:23 | 000,030,939 | ---- | M] () -- C:\Users\Gracie\Desktop\cheer.jpg
[2011/11/25 21:01:11 | 000,027,025 | ---- | M] () -- C:\Users\Gracie\Desktop\pens.JPG
[2011/11/25 19:18:57 | 000,073,096 | ---- | M] () -- C:\Users\Gracie\Desktop\11 24 11_0027.jpg
[2011/11/24 09:21:08 | 000,045,623 | ---- | M] () -- C:\Users\Gracie\Desktop\dad.jpg
[2011/11/05 17:43:08 | 455,074,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 17:40:53 | 000,001,667 | ---- | M] () -- C:\Users\Gracie\mymemoriessuite.prefs

========== Files Created - No Company Name ==========

[2011/12/04 16:29:01 | 003,328,341 | ---- | C] () -- C:\Users\Gracie\Desktop\IMG_7556.JPG
[2011/12/04 16:27:44 | 003,328,341 | ---- | C] () -- C:\Users\Gracie\Desktop\kristi
[2011/12/02 18:20:51 | 003,476,941 | ---- | C] () -- C:\Users\Gracie\Desktop\stephcard_edited-2.jpg
[2011/12/02 18:20:40 | 026,298,560 | ---- | C] () -- C:\Users\Gracie\Desktop\stephcard_edited-1.psd
[2011/12/02 16:15:35 | 000,216,880 | ---- | C] () -- C:\Users\Gracie\Desktop\radvent.jpg
[2011/12/01 17:50:14 | 000,410,908 | ---- | C] () -- C:\Users\Gracie\Desktop\2011giftlist.jpg
[2011/12/01 17:47:34 | 000,012,158 | ---- | C] () -- C:\Users\Gracie\Desktop\f21.jpg
[2011/12/01 17:46:45 | 000,012,988 | ---- | C] () -- C:\Users\Gracie\Desktop\nakedpallate.jpg
[2011/12/01 17:46:02 | 000,027,030 | ---- | C] () -- C:\Users\Gracie\Desktop\tayswift.jpg
[2011/12/01 17:45:17 | 000,013,682 | ---- | C] () -- C:\Users\Gracie\Desktop\yognuo.jpg
[2011/12/01 17:44:02 | 000,084,331 | ---- | C] () -- C:\Users\Gracie\Desktop\blackberry.png
[2011/12/01 12:44:37 | 000,040,626 | ---- | C] () -- C:\Users\Gracie\Desktop\6414628455_d375efb7ef_o.png
[2011/11/30 21:42:47 | 000,036,463 | ---- | C] () -- C:\Users\Gracie\Desktop\kk.JPG
[2011/11/30 21:40:59 | 000,014,507 | ---- | C] () -- C:\Users\Gracie\Desktop\innovative.JPG
[2011/11/30 21:39:10 | 000,026,739 | ---- | C] () -- C:\Users\Gracie\Desktop\shabbyapple.JPG
[2011/11/30 21:37:31 | 000,074,483 | ---- | C] () -- C:\Users\Gracie\Desktop\atss.JPG
[2011/11/30 21:33:54 | 000,021,346 | ---- | C] () -- C:\Users\Gracie\Desktop\rise&fly.JPG
[2011/11/30 21:29:03 | 000,012,129 | ---- | C] () -- C:\Users\Gracie\Desktop\simplybeautiful.JPG
[2011/11/30 07:16:23 | 003,464,676 | ---- | C] () -- C:\Users\Gracie\Desktop\stephcard_edited-1.jpg
[2011/11/30 07:16:09 | 026,304,423 | ---- | C] () -- C:\Users\Gracie\Desktop\stephcard.psd
[2011/11/29 16:38:42 | 007,146,914 | ---- | C] () -- C:\Users\Gracie\Desktop\steph pic.jpg
[2011/11/29 16:37:32 | 005,300,104 | ---- | C] () -- C:\Users\Gracie\Desktop\scott sign.jpg
[2011/11/28 20:49:31 | 006,313,599 | ---- | C] () -- C:\Users\Gracie\Desktop\seth sign.jpg
[2011/11/27 13:23:16 | 000,027,755 | ---- | C] () -- C:\Users\Gracie\Desktop\music.jpg
[2011/11/27 13:01:58 | 006,526,232 | ---- | C] () -- C:\Users\Gracie\Desktop\dylan.jpg
[2011/11/27 12:59:11 | 008,578,763 | ---- | C] () -- C:\Users\Gracie\Desktop\lydia.jpg
[2011/11/27 12:56:39 | 006,457,726 | ---- | C] () -- C:\Users\Gracie\Desktop\Claire use this one.jpg
[2011/11/27 09:10:14 | 000,034,578 | ---- | C] () -- C:\Users\Gracie\Desktop\nikon-F-01_preview.jpg
[2011/11/26 22:05:04 | 006,959,413 | ---- | C] () -- C:\Users\Gracie\Desktop\Marissa.jpg
[2011/11/26 18:04:24 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/11/26 17:59:57 | 000,002,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 10.lnk
[2011/11/26 17:59:57 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 10.lnk
[2011/11/26 16:23:50 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/11/26 16:23:50 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/11/26 08:34:52 | 000,030,939 | ---- | C] () -- C:\Users\Gracie\Desktop\cheer.jpg
[2011/11/25 21:01:10 | 000,027,025 | ---- | C] () -- C:\Users\Gracie\Desktop\pens.JPG
[2011/11/25 19:18:54 | 000,073,096 | ---- | C] () -- C:\Users\Gracie\Desktop\11 24 11_0027.jpg
[2011/11/24 09:21:20 | 000,045,623 | ---- | C] () -- C:\Users\Gracie\Desktop\dad.jpg
[2011/11/22 11:26:52 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/11/22 11:25:35 | 000,793,088 | ---- | C] () -- C:\Windows\SysNative\autoconv.exe
[2011/11/22 11:25:06 | 000,641,024 | ---- | C] () -- C:\Windows\SysNative\msscp.dll
[2011/11/22 11:25:06 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\iasrad.dll
[2011/11/22 11:24:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/11/22 11:24:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/11/22 11:24:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/11/22 11:23:43 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/06/19 12:02:35 | 000,000,497 | ---- | C] () -- C:\Windows\eReg.dat
[2010/11/27 08:14:57 | 000,323,072 | R--- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2010/11/27 08:14:57 | 000,190,976 | R--- | C] () -- C:\Windows\SysWow64\Wgalogon.dll
[2010/08/17 00:32:10 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/17 00:28:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/17 00:28:30 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/17 00:28:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/17 00:28:29 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/17 00:28:29 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/17 00:28:09 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/08/17 00:28:09 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/07/10 21:06:40 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/10 20:02:49 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/23 00:00:02 | 000,667,136 | R--- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2008/09/20 23:13:46 | 000,530,976 | ---- | C] () -- C:\Windows\SysWow64\OGAVerify.exe

========== LOP Check ==========

[2011/07/10 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Gracie\AppData\Roaming\Amazon
[2011/11/26 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Gracie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/14 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\Gracie\AppData\Roaming\Windows Live Writer
[2009/07/13 21:08:49 | 000,029,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 05 December 2011 - 12:07 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Not sure it's malware but let's check:


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP