
white desk top



#1
Fran Gilmore Hall

My problem is very slow start up and my wallpaper is gone, replaced with a white screen. Also the computer is running slow. When I right-click and go to Properties, Desktop, the only thing highlighted is color. I have downloaded, run and uninstalled several programs: AVG, Avast, PC Matic. Spybot I haven't uninstalled yet. I use Malwarebytes, Avast and CCleaner.
Thank you
Fran Hall
Drive D: | 6.96 Gb Total Space | 1.26 Gb Free Space | 18.07% Space Free | Partition Type: FAT32

Computer Name: HAPPYBIRTHDAY | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv4SVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (HiWiredCore) -- C:\Program Files\HiWired\PC Check & Connect\HiWired.Client.Core.exe (HiWired Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MotorolaDAP) -- C:\WINDOWS\system32\MotorolaDAP.exe (Motorola Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl9a26706c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D937AD99-6C9A-468F-A235-1036D18DAC99}\MpKsl9a26706c.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 23:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 22:51:51 | 000,000,000 | ---D | M]

[2010/09/09 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2011/12/21 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions
[2009/01/10 20:00:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/13 20:05:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\[email protected]
[2011/11/16 23:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/27 22:35:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/11 21:12:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 14:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011/12/14 23:23:02 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/01/24 19:41:37 | 000,292,650 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Key error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.betterpho...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...aploader_v7.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2}: DhcpNameServer = 216.97.170.4 216.97.170.5
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Vankning.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Vankning.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/30 17:56:52 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 20:33:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 16:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/22 21:05:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2011/12/22 12:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My muvees
[2011/12/21 23:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
[2011/12/20 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 22:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/12/19 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\MigWiz
[2011/12/19 14:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\adaware
[2011/12/19 13:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Bussinesss cards address lables
[2011/12/19 13:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\op photo res
[2011/12/18 11:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/18 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/12 18:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData
[2011/12/12 18:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started
[2011/12/12 18:17:08 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/12/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WinBatch
[2011/12/11 22:21:37 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
[2011/12/11 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/11 17:03:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/06 21:55:48 | 005,991,200 | ---- | C] (Siber Systems) -- C:\Documents and Settings\HP_Owner\My Documents\RoboForm-Desktop-Setup.exe
[2011/12/06 19:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\bussiness cards
[2011/12/02 22:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/04 20:12:29 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/10/13 12:44:34 | 004,351,608 | ---- | C] (W3i, LLC) -- C:\Program Files\gimp_9281.exe
[2006/01/31 22:35:07 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/23 20:56:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/23 20:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 20:35:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 19:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/23 19:18:06 | 000,475,874 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 19:18:06 | 000,085,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/12/23 19:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 19:13:19 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/12/23 16:43:03 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/23 12:10:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/12/22 20:37:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/22 17:43:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/22 15:29:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/22 10:31:04 | 000,009,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 04:53:44 | 000,295,042 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/20 23:58:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/20 18:47:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/12/19 20:41:10 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 20:41:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/19 19:59:38 | 000,000,268 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2011/12/19 14:31:40 | 000,991,494 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/19 11:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/17 11:06:39 | 003,645,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 19:01:02 | 000,631,847 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/12 10:48:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2011/12/12 10:43:22 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\HP_Owner\default.pls
[2011/12/11 22:21:36 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:07:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/09 23:31:58 | 000,001,208 | ---- | M] () -- C:\WINDOWS\VFO.INI
[2011/12/06 23:17:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/12/06 19:42:31 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:26:40 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:40:32 | 000,330,807 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:16 | 006,310,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/28 18:19:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/11/27 13:14:45 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:46 | 000,421,289 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht

========== Files Created - No Company Name ==========

[2011/12/23 16:43:03 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/22 16:09:54 | 2138,624,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/22 15:29:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/21 04:53:44 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/21 00:02:56 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/20 23:57:44 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/19 14:31:40 | 000,991,494 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/18 11:56:14 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/12 19:01:01 | 000,631,847 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/11 22:07:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/06 19:42:31 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:22:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 22:22:20 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:22:04 | 000,330,807 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:08 | 006,310,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/27 13:14:44 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:44 | 000,421,289 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht
[2011/08/24 20:51:57 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/05 21:40:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/08/05 21:40:21 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/04 21:46:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/06/26 12:56:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/08 14:14:39 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe AIFF Format CS5 Prefs
[2010/09/28 09:34:36 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/09/28 09:16:18 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2010/09/28 09:14:55 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/09/28 09:14:55 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/09/28 09:14:55 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/09/28 09:14:55 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/09/28 09:14:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/06/15 20:24:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/11 16:52:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2010/01/05 21:33:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pepwnxfu.sys
[2010/01/04 16:21:57 | 000,114,692 | ---- | C] () -- C:\WINDOWS\Christmas and New Year 2005 Frames Pack Uninstaller.exe
[2010/01/03 13:06:09 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/12/30 10:24:19 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp
[2008/12/30 10:24:18 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\focus.tni
[2008/12/30 10:23:57 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_data_foc
[2008/12/30 10:23:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\data_foc
[2008/12/30 10:14:49 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dataz
[2008/12/17 19:47:50 | 000,083,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/24 23:22:59 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/04 13:05:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2008/09/04 13:05:03 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
[2008/09/04 13:04:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
[2008/07/20 13:18:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/26 11:28:58 | 001,175,372 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Install.dat
[2007/12/25 14:13:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/15 12:47:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/09/25 16:07:25 | 000,117,191 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/09/25 16:03:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/09/25 16:02:07 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/24 10:06:30 | 000,091,520 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/08/19 12:42:52 | 000,001,024 | ---- | C] () -- C:\WINDOWS\VueIcons.ini
[2007/07/23 19:20:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2007/02/27 23:50:58 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/27 22:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/15 17:27:38 | 000,000,489 | ---- | C] () -- C:\Program Files\Shortcut to Total PS7.lnk
[2007/01/27 20:32:06 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/01/27 19:01:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/01/27 18:43:46 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/01/25 23:37:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/20 23:27:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/15 21:43:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/23 22:15:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2006/08/23 22:15:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2006/08/23 22:10:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/07/18 09:49:54 | 000,064,512 | -H-- | C] () -- C:\WINDOWS\rbap450.dll
[2006/07/10 12:00:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/01 23:05:16 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/04/19 18:33:06 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/16 10:14:02 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp
[2006/04/16 10:14:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp
[2006/04/16 08:46:57 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/04/15 21:24:18 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2006/04/15 21:24:18 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2006/04/10 19:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/04/08 22:14:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/28 20:19:22 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI
[2006/03/28 20:19:04 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax
[2006/03/28 20:19:04 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax
[2005/09/26 20:02:22 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2005/09/26 19:57:45 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/01 00:23:14 | 000,000,098 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/08/31 22:33:23 | 000,215,552 | ---- | C] () -- C:\WINDOWS\System32\Webupdate2.dll
[2005/08/31 22:33:23 | 000,002,309 | ---- | C] () -- C:\WINDOWS\System32\french.ini
[2005/08/31 22:33:23 | 000,002,194 | ---- | C] () -- C:\WINDOWS\System32\spanish.ini
[2005/08/31 22:33:23 | 000,001,673 | ---- | C] () -- C:\WINDOWS\System32\english.ini
[2005/08/30 15:58:52 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/08/30 00:46:26 | 000,000,268 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2005/08/29 23:49:53 | 000,009,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2005/08/29 23:47:18 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/29 23:06:23 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2005/08/29 20:43:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/08/29 20:43:30 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/05/06 01:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 01:46:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 01:46:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 01:46:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 01:46:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 01:15:23 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/05/06 01:14:08 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 01:14:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 01:13:39 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 01:10:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 00:54:47 | 000,047,832 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/05/06 00:53:08 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/05/06 00:53:08 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/05/06 00:46:12 | 000,050,500 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2005/05/06 00:44:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/06 00:41:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/05/06 00:30:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/06 00:28:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 11:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/28 03:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 22:58:08 | 000,475,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/26 22:58:08 | 000,085,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/26 22:56:22 | 003,645,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/26 22:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 22:51:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/19 23:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 23:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 22:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/11 16:13:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/08/31 06:00:00 | 000,001,876 | -H-- | C] () -- C:\WINDOWS\System32\msisl$.dll
[2001/08/23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 22:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/23 21:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2005/09/01 11:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/09/01 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/10 19:26:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/29 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/07/29 13:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2010/03/04 10:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2011/10/30 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/12/20 23:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/11 03:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2007/01/27 20:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/27 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/12/25 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2007/04/12 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/12 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/01/11 11:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/09/13 21:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2006/05/13 21:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/30 18:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/09 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/10/11 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2006/04/19 18:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/03/22 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/07/13 20:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/12/23 19:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/17 19:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/08/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/02/01 22:59:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{36735930-3965-4D73-9FA0-1E8DBBB9F73B}
[2010/05/13 08:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/01 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{54C7CAE8-5F15-4236-B08D-4CF80E3C1EA1}
[2011/02/01 22:58:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5DEB9CCF-03FD-4827-9973-C304E722EFD9}
[2010/02/11 10:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/24 16:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{85E31355-0287-415E-833F-C91C059E0981}
[2011/02/01 23:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A9319562-7E37-4B47-9DA9-4E2F4AA249D0}
[2011/02/01 22:59:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ABA286BA-B174-477F-9D8C-F003CA88CE77}
[2011/02/01 22:57:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB071057-A2A8-4584-9AFF-E2D674AF01F8}
[2011/02/01 23:02:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10}
[2010/10/08 21:43:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D9E0EE67-1483-4783-8326-7E411B3B012D}
[2011/02/01 23:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DA4AB737-3A03-4508-9D68-1FCE2B35A87C}
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2006/06/04 00:52:35 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/08/24 15:18:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-HP_Owner-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9A77133
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C3AB27

< End of report >

#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to GeekstoGo Fran Gilmore Hall,

So far the log reflects too many changes in antivirus and other security software, too often. MS Security Essentials is showing here, as well as Kaspersky and AVG, though I am not seeing as much of Avast as I would expect from a full install of that. The log also does show some adware, as well as likely malware proxy net access settings, so let's make some changes, get more detailed info, then start some repairs.

The log you posted also seems to be missing part of its header, so be sure to post the entire logs in your replies here.


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

OTL should have created an Extras.Txt log, located in the same place as you have OTL.exe. Please locate and post the contents of that.

--------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#3
Jintan

Is this your chosen desktop wallpaper?

C:\WINDOWS\Vankning.bmp

#4
Jintan

I received your PM Fran. Just click the Add Reply button, upper or lower right corners of this page, and paste the log files. You can break them into parts, and use extra posts (more Add Reply's) to post them, if needed.

#5
Jintan

Fran, only click Add Reply to post here. Try it - click Add Reply (nothing else), and type something, then click the Add Reply button below your text reply box. Once you have that under your belt, go ahead and start posting those log files.

#6
Jintan

Be sure only the browser you are using to access this site is open - close all other open programs.

At the very bottom of this page is a "Delete My Cookies" link. Please click that. Then close and re-open your browser, log back in here and see if you can post then please.