
Avast Not working, Computer freezes on load and logoff [Solved]



#1
nyraidersfan

Good morning and thank you in advance for any help you can give. I have used this site in the past and had great success with my old desktop.

My wife is the prime user of the computer and states that while she was playing Treasure Madness this morning on Facebook the computer beeped and the screen went to what she described as what I know as the blue screen of death, with lots of writing on it and that if this was the first time seeing this screen to just reboot. Well, after about 3 hours of attempting everything I know to do with computer viruses and crashes I am at my wits' end. Attempted safe mode and restore point from a week ago and the computer froze on reboot. Attempted Antispyware, AntiMalware programs and scans were clean. Attempted to run Avast and it will not update, and when I click scan it just goes to complete with 0 files scanned. After numerous retries in safe and regular mode I am at the point where the computer is freezing before the desktop loads. The other strange thing is upon reboot of the computer (using power button and regular reboot from safe mode) there is a pattern of purple colored dots that covers the screen in a set pattern that is only visible during initial startup screen. I have used the older programs, HijackThis and ComboFix etc., and need to know what steps I need to do to start trying to get rid of whatever found its way into my hard drive. I do not believe that I can get internet access at this time on the computer as it freezes before I can, so I need to know if I need to download the fix programs onto a CD, or will a small flash drive work.

My infected computer uses Windows Vista Home edition and we generally use Firefox to browse the web. The computer is only about 18 months old and has plenty of free memory and disk space. Please advise on what I need to do and I will do it ASAP as it is my only computer at home. I am usually at work from 3-11pm so I will check back and do what needs to be done every day outside of those times. Again, thanks for any help.

Jeff

#2
nyraidersfan

OK, update: I got my computer to at least browse in safe mode. When I attempted to run the computer this morning it seemed to boot normally, but as soon as I ran Firefox it started to load the home page and then froze. I did run the OTL and the logs are below:

OTL logfile created on: 3/12/2012 9:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Melissa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 85.26% Memory free
12.11 Gb Paging File | 11.39 Gb Available in Paging File | 94.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 364.85 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.20 Gb Free Space | 47.97% Space Free | Partition Type: NTFS
Drive L: | 3.74 Gb Total Space | 3.67 Gb Free Space | 98.00% Space Free | Partition Type: FAT32

Computer Name: HARTER-FAMILY | User Name: Melissa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 00:02:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
PRC - [2011/06/13 10:39:06 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/13 10:39:06 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 10:40:58 | 000,640,760 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/13 10:39:13 | 001,640,216 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/21 16:03:53 | 001,052,328 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\dlebcoms.exe -- (dleb_device)
SRV:64bit: - [2010/05/21 16:03:48 | 000,045,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dlebserv.exe -- (dlebCATSCustConnectService)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 08:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/14 16:23:36 | 000,566,768 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\dlcccoms.exe -- (dlcc_device)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/13 10:39:06 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company) [Auto | Stopped] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/08/04 18:57:32 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2010/05/21 16:03:39 | 000,598,696 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\dlebcoms.exe -- (dleb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/04/10 08:47:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/11/28 13:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 13:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 13:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 13:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 13:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 13:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/30 10:58:18 | 000,068,640 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 12:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/02/17 12:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/07/21 07:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 08:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/10 07:28:50 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/25 07:14:54 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2rs64.sys -- (Ser2rs)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2011/12/19 22:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2010/10/04 19:06:28 | 000,025,648 | ---- | M] (The Nielsen Company) [Kernel | System | Stopped] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys -- (nnfwdk)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040000})
DRV - [2008/08/22 14:37:14 | 000,014,336 | ---- | M] (The Nielsen Company) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-yff2"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-yff2"
FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2260173&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Melissa\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\PROGRAM FILES (X86)\NETRATINGSNETSIGHT\NETSIGHT\METER3\FFADDON\ [2012/02/22 11:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/11 13:48:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FFAddon\ [2012/02/22 11:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2011/11/02 19:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2012/01/25 20:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/13 12:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/25 20:58:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Melissa\AppData\Roaming\Move Networks [2009/11/10 16:33:02 | 000,000,000 | ---D | M]

[2009/04/18 12:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions
[2012/03/06 13:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions
[2011/02/22 13:41:51 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/02/22 13:41:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 15:30:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/08 07:16:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(71)
[2012/03/06 13:32:30 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/12/06 08:19:54 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}(72)
[2011/10/07 08:53:11 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\toolbar@ask.com
[2011/03/20 13:05:59 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\extensions\toolbar@shopathome.com
[2010/11/23 13:12:12 | 000,000,923 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\searchplugins\conduit.xml
[2010/01/27 13:19:47 | 000,001,741 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\searchplugins\search-the-web.xml
[2011/12/13 08:15:52 | 000,001,524 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\7xjojmxc.default\searchplugins\swagbuckscom.xml
[2011/11/13 11:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/01 18:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/01 18:12:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/22 11:09:36 | 000,000,000 | ---D | M] (Nielsen) -- C:\PROGRAM FILES (X86)\NETRATINGSNETSIGHT\NETSIGHT\METER3\FFADDON
[2012/01/13 12:34:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 01:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2009/11/20 16:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/20 16:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/16 23:21:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/13 11:06:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: NielsenOnline (Enabled) = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\chrometracker.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\nprjplug.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: ArtistScope DRM plugin 1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Melissa\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Nielsen = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [dlebmon.exe] C:\Program Files (x86)\Dell P513w\dlebmon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell P513w\ezprint.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: acnielsenonline.com ([survey] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBCBF65-153A-4D76-A51C-CA222003B4F7}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Melissa\Documents\scrapbook pics\NYE 2011-1.JPG
O24 - Desktop BackupWallPaper: C:\Users\Melissa\Documents\scrapbook pics\NYE 2011-1.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b78a850-3774-11e0-8c1d-0021705ac003}\Shell - "" = AutoRun
O33 - MountPoints2\{0b78a850-3774-11e0-8c1d-0021705ac003}\Shell\AutoRun\command - "" = L:\TL_Bootstrap.exe
O33 - MountPoints2\{6f2b42c5-596b-11e1-a315-0021705ac003}\Shell - "" = AutoRun
O33 - MountPoints2\{6f2b42c5-596b-11e1-a315-0021705ac003}\Shell\AutoRun\command - "" = N:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 09:26:51 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2012/03/11 15:55:10 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2012/02/15 07:23:06 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 07:22:57 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 07:22:57 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/15 07:22:57 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/15 07:22:57 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 07:22:56 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 07:22:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/15 07:22:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 07:22:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/15 07:22:55 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 07:22:55 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 07:22:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 07:22:53 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/15 07:22:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 09:29:05 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 09:29:05 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 09:29:05 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/12 09:24:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 09:17:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 09:17:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 00:02:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2012/03/11 17:21:35 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/11 17:21:30 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/03/11 16:10:56 | 000,008,268 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2012/03/11 12:34:08 | 000,000,732 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps64.dat
[2012/03/10 13:59:14 | 021,291,008 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/03/10 13:59:07 | 043,819,008 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/03/07 15:50:59 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 22:51:49 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/06 14:53:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/03/06 11:39:02 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/29 14:02:36 | 000,001,180 | ---- | M] () -- C:\Users\Melissa\Documents\passwords.rtf
[2012/02/27 17:47:27 | 000,112,640 | ---- | M] () -- C:\Users\Melissa\Documents\patric boy scouts hw.fct
[2012/02/26 00:39:25 | 000,001,666 | ---- | M] () -- C:\Users\Melissa\Documents\cake recipe.rtf
[2012/02/23 21:29:26 | 000,010,542 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2012/02/16 04:30:12 | 000,328,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 09:39:09 | 000,000,732 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps64.dat
[2012/02/26 22:29:08 | 000,112,640 | ---- | C] () -- C:\Users\Melissa\Documents\patric boy scouts hw.fct
[2011/12/17 15:04:48 | 000,008,426 | -HS- | C] () -- C:\Users\Melissa\AppData\Local\505417c5w032f023y141p1sgc2i4
[2011/12/17 15:04:48 | 000,008,426 | -HS- | C] () -- C:\ProgramData\505417c5w032f023y141p1sgc2i4
[2011/06/06 11:19:05 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEBinst.dll
[2011/06/06 11:19:04 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebusb1.dll
[2011/06/06 11:19:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebpmui.dll
[2011/06/06 11:19:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebinpa.dll
[2011/06/06 11:19:04 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dlebcomx.dll
[2011/06/06 11:19:04 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebiesc.dll
[2011/06/06 11:19:04 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dlebins.dll
[2011/06/06 11:19:04 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dlebinsb.dll
[2011/06/06 11:19:04 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dlebcu.dll
[2011/06/06 11:19:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlebinsr.dll
[2011/06/06 11:19:04 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlebcub.dll
[2011/06/06 11:19:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dlebjswr.dll
[2011/06/06 11:19:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlebcur.dll
[2011/06/06 11:19:03 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebserv.dll
[2011/06/06 11:19:03 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebhbn3.dll
[2011/06/06 11:19:03 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebcoms.exe
[2011/06/06 11:19:03 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dleblmpm.dll
[2011/06/06 11:19:03 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebcomm.dll
[2011/06/06 11:19:03 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebih.exe
[2011/06/06 11:19:02 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebcomc.dll
[2011/06/06 11:19:02 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dlebcfg.exe
[2011/06/06 11:19:02 | 000,086,183 | ---- | C] () -- C:\Windows\SysWow64\DLEBcfg.dll
[2011/06/06 11:18:09 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEBsmr.dll
[2011/06/06 11:18:08 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEBsm.dll
[2010/12/24 19:37:00 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0E1F7F2356.sys
[2010/12/24 19:09:37 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/04 18:57:32 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\CSHelper.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


OTL Extras logfile created on: 3/12/2012 9:27:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Melissa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 85.26% Memory free
12.11 Gb Paging File | 11.39 Gb Available in Paging File | 94.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 364.85 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.20 Gb Free Space | 47.97% Space Free | Partition Type: NTFS
Drive L: | 3.74 Gb Total Space | 3.67 Gb Free Space | 98.00% Space Free | Partition Type: FAT32

Computer Name: HARTER-FAMILY | User Name: Melissa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [command] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [command] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F2 C8 92 C2 BA 74 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0060BC6E-5420-4666-A54D-3F6ACC384415}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09C14CDB-3F8B-4425-BBCE-B280BEC14885}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16D3B2DF-2320-4F5F-8AAD-4529EC29DC6F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1DB49125-7FA8-4AE5-9316-9DE570AB46CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EB11A31-F1AD-4F32-AAD5-264EAE6CFB3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{309B72E1-5C80-4A46-AC7D-0543BC0E82FC}" = lport=139 | protocol=6 | dir=in | app=system |
"{35044862-F59B-4500-BC46-96C2F7FA821B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F0C1120-AD5D-4CA2-94DA-FC356E964C7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F0EC6BD-BC14-4DA4-A10C-4B96647AA4DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{44D4B031-D8C9-4313-A123-ABDD7DAC777E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{44F793E9-5659-410E-8580-E51934415786}" = rport=445 | protocol=6 | dir=out | app=system |
"{4552541E-AA79-4753-81DA-B76681475B4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47F7F406-82F0-498A-AD2A-CACBF1271DAD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4A84FAEC-5F83-45A2-9F80-128C5C4BD425}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5ACEBAA8-1D27-4BAA-BFA2-A26669B2D6DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72021D3F-FDBB-42B5-AF06-58E7731D932E}" = rport=138 | protocol=17 | dir=out | app=system |
"{723F7472-D3A1-468C-A80D-FD641D999A60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{728068FF-4A50-4B78-8F83-B10C14E13E50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FEF4BA7-E17D-42B7-9B85-A6B1D6A214DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{997B89E7-8FED-4674-9E30-76D04B1BD70A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DA4E2AD-CEE8-495E-A80B-B409EF99BFB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{9DB18B02-988D-48BD-A933-B5E2C94AB697}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF7EF10F-C04F-4710-A97E-13B155BED8C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0CD7CE2-BE32-466F-99F3-C81E5A90B4D1}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7C3110A-890F-4736-A5D2-8DDF68048527}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CA84AC53-48C2-447B-A167-1EF69994DDA5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E1A7E8C9-ECD5-4475-BD78-88DA7631C1FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{E76EB6A9-2892-4E08-B553-19CF7F35F603}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F383F36D-6119-4BD9-8684-748859897164}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00401714-3517-47F8-8813-6DD9C977D7D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{016BB5C9-F30B-4A4F-A360-D679C1ABB976}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08503292-6234-4C1B-8ECE-83AA483CEA93}" = protocol=6 | dir=in | app=c:\windows\temp\~os52c9.tmp\ossproxy.exe |
"{08AF03BE-DC22-46B1-8978-D91A21EFABB1}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{0CB35E9E-1AF6-4367-81AB-901C4419A5D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CDB7EAB-60E8-4925-A14D-DF4CF93A6B49}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{111AF85A-36DC-45A5-BBFF-696487825787}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{24D9D4C1-6ECF-485F-AECB-3EF212139ABF}" = protocol=6 | dir=in | app=c:\windows\temp\~os172d.tmp\opnsqr.exe |
"{2AD88627-193F-4620-97B3-BB41B29ACF02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E382923-5A41-4A64-95C3-E06192941EF4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{2FA680A7-E3A5-400E-9293-CAA6CD3B0F89}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{32B4FF50-54CA-4587-A9C7-D08C3B947FED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40117230-18C0-45E9-9FA2-11814741CDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{45253659-7528-44BD-9D6B-243CE8DF6CBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46230399-EB38-4B2C-A7F0-F2B5A326CF91}" = dir=in | app=c:\windows\system32\dlebcoms.exe |
"{4C502A35-5300-432B-ABC6-E90CF2EFFFEA}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4EED7E88-7F2A-492D-957D-C94EDAC9DD0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4F1B620A-464B-41F9-B36F-8D81C7E178DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{56A1D1DE-AF4B-412F-8F67-D68E90B5131D}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{5754844E-94A9-4325-B53E-20BCF731D4BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B03C970-CBF9-4873-A435-CF71FA8D1A7A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5C7A92EF-4A99-45AD-8950-7186DE0F99D9}" = dir=in | app=c:\windows\system32\dlebcoms.exe |
"{612A72C4-1FB3-46EF-B389-AFD719C4EED7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{61BF51FF-DC08-4F56-90FF-29DE898C8088}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6555B97F-D58E-41C2-A8B3-28FBEF0C1577}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{65ABB363-74C8-4886-A00B-74FD2E29270B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6CFBC3A9-BA46-4EE8-B173-A6641D60FE01}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7035ACE3-1FA5-4AE3-8140-F1275A611A93}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{720F6DEA-45B2-46E5-8D2A-62F911318A45}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{7499C261-4C33-4CE6-8E3A-EF9D1FF1671E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F99C42B-50D3-4DCF-A03D-73A6332979C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80EBF215-A149-4074-8577-7AF10FEECA7D}" = protocol=6 | dir=in | app=c:\windows\temp\~os8a5.tmp\ossproxy.exe |
"{833CEDB0-5883-4A4F-8350-847313CB0258}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8356FBED-E2E6-4AA2-BDF5-C5286F01BACD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86FF1733-022D-4850-9A5E-B4FCD2C89C75}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{88F34C64-1DB7-4D34-AB48-62EEF9180FB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B4C7CF3-8341-4E32-868E-BC3D074D9C66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B6F0D10-2F33-4A63-925B-EA32F385863D}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{9000885C-40E4-4252-A24D-67D10AA00A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{9187C0C2-D2D5-4F47-B3FC-87EC85E7003A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{949EB8D1-465A-4678-88E4-DA1F1BC8C2CF}" = protocol=6 | dir=in | app=c:\windows\temp\~os55.tmp\ossproxy.exe |
"{9D63AE96-0CD6-408C-8C6E-B9ED88BFC06A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9D969772-82FB-41CA-AFF4-8C2B07764A8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4A48B91-F51E-4E8C-8ED7-FB75C40386F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB990E78-5C7A-4CD7-8A71-C71B1E7D3D95}" = protocol=6 | dir=out | app=system |
"{B164A294-478F-4086-906A-20B47F0FD989}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC25D063-7BF6-43F8-9CF7-283368A4CF93}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C115FA46-7EB3-45BA-BA96-0CDB20F5D93E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3BCAA78-1CA1-4781-B07D-0F0BAB69831C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7E45E09-4152-4CA0-9CA4-4AF38B9CB6EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE9833CB-6489-4242-9048-F636ED056879}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{CEB36992-7C0E-4678-9253-5665D6CB15C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF1CB0C3-8162-44AA-83C9-1C09835587EA}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{D2D232C6-7C62-453B-88A2-ACE47B7DF6CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2E754C9-9A31-4EB9-B16A-4180AD462DD4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3FF16DD-8AF4-40AA-A20B-AEB323CC464E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAFF661F-254B-44BC-92DA-5093F2F169C6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{E10A55BF-0A78-4513-BB6E-486568832930}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E677F8BA-F17E-4B3D-8BCF-A5BAE3DB7C89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8A1D614-82C6-4B99-8092-30971BF8ACA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F1B20A5E-44E5-4BA9-A516-B3E25305EC98}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{F96EE1E8-8F12-488E-94A3-F80EAFA232AA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC9465C4-CBE4-4C0F-A24F-28397EF9D49A}" = protocol=6 | dir=in | app=c:\windows\temp\~osf28.tmp\ossproxy.exe |
"{FF94963E-7AC8-4A80-BEF1-6393FA49599B}" = dir=in | app=c:\windows\system32\dlebcoms.exe |
"{FFF8DC4D-DBEF-401F-9443-AF54734BC860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2A51FD20-C737-4330-BB84-FD399E7BDDD5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7070CDF8-43A6-465C-A85A-87A5A42F2C1A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7CC15ABF-0B45-466B-91AE-150542F9D0F3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DC825385-A1D2-4BBE-A34C-F55C57B111DD}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E5F2A9F7-2C70-459B-AC39-76AFC052F085}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
"UDP Query User{2BD150D9-DFFF-4867-9A03-3BBAD1DF579F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{376CE769-C98B-4F4F-8F9F-B71FDB920257}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe |
"UDP Query User{56957371-1CA9-45B0-9B31-F60D836590EE}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C9BE5440-E298-480E-A88D-F7FBCDCBAAEB}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
"UDP Query User{D9695B19-B5B5-4D29-AB7A-C7755C785E71}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Dell P513w" = Dell P513w
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}" = Scrapbook Factory Deluxe 3.0
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3B331DEB-DD7B-4B92-BB21-1228DD8D2BCF}" = Virtual Weather Station
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Deluxe 7.0
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FB0746B-5D91-48C1-9B87-27D503A220EC}" = ArcSoft Print Creations
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Homescan Internet Transporter
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E203B893-036D-4119-81FE-FEC01AEC91BD}" = NVIDIA PhysX v8.10.06
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"avast" = avast! Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"IrfanView" = IrfanView (remove only)
"KindleConverter" = Kindle PC Converter
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 4.0b9 (x86 en-US)" = Mozilla Firefox 4.0b9 (x86 en-US)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NetSight" = Nielsen
"Photo Gadget_is1" = Photo Gadget
"PIXresizer_is1" = PIXresizer 2.0.4
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WildTangent dell Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WTA-e9115ab9-64b9-46aa-adf1-80a930caa1b1" = Bejeweled Twist
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Move Media Player" = Move Media Player
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2012 12:03:16 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 3/5/2012 12:03:17 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 12:03:17 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027

Error - 3/5/2012 12:03:17 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027

Error - 3/5/2012 12:03:18 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 12:03:18 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 3/5/2012 12:03:18 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 3/5/2012 12:03:19 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 12:03:19 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023

Error - 3/5/2012 12:03:19 AM | Computer Name = Harter-Family | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

[ Media Center Events ]
Error - 9/26/2009 11:33:10 PM | Computer Name = Harter-Family | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 2:16:04 PM | Computer Name = Harter-Family | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/11/2012 12:39:12 PM | Computer Name = Harter-Family | Source = Service Control Manager | ID = 7001
Description =

Error - 3/12/2012 9:17:35 AM | Computer Name = Harter-Family | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\nnrnstdi.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/12/2012 9:24:22 AM | Computer Name = Harter-Family | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\nnrnstdi.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/12/2012 9:25:02 AM | Computer Name = Harter-Family | Source = Service Control Manager | ID = 7001
Description =

Error - 3/12/2012 9:25:02 AM | Computer Name = Harter-Family | Source = Service Control Manager | ID = 7026
Description =

Error - 3/12/2012 9:25:11 AM | Computer Name = Harter-Family | Source = DCOM | ID = 10005
Description =

Error - 3/12/2012 9:25:20 AM | Computer Name = Harter-Family | Source = DCOM | ID = 10005
Description =

Error - 3/12/2012 9:25:25 AM | Computer Name = Harter-Family | Source = DCOM | ID = 10005
Description =

Error - 3/12/2012 9:25:39 AM | Computer Name = Harter-Family | Source = DCOM | ID = 10005
Description =

Error - 3/12/2012 9:25:49 AM | Computer Name = Harter-Family | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Hello nyraidersfan and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Please remove your version of Combofix before you start with the steps.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{0b78a850-3774-11e0-8c1d-0021705ac003}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b78a850-3774-11e0-8c1d-0021705ac003}\Shell\AutoRun\command - "" = L:\TL_Bootstrap.exe
    O33 - MountPoints2\{6f2b42c5-596b-11e1-a315-0021705ac003}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f2b42c5-596b-11e1-a315-0021705ac003}\Shell\AutoRun\command - "" = N:\setup.exe -a
    [2011/12/17 15:04:48 | 000,008,426 | -HS- | C] () -- C:\Users\Melissa\AppData\Local\505417c5w032f023y141p1sgc2i4
    [2011/12/17 15:04:48 | 000,008,426 | -HS- | C] () -- C:\ProgramData\505417c5w032f023y141p1sgc2i4
    [2010/12/24 19:37:00 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0E1F7F2356.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0

#4
nyraidersfan

    Member

  • Member
  • 49 posts
I attempted to perform the first action. I ran OTL and it started to work and then froze. It told me that the program was no longer responding, so it was closed, and when I attempted to run it again a blue screen popped up with white lettering telling me that the computer was being shut down to prevent damage to the operating system. There was a lot of writing and it rebooted so quickly I could not read it all. Should I attempt to run the OTL fix again, or should I try it in safe mode?
  • 0

#5
nyraidersfan

    Member

  • Member
  • 49 posts
When I ran it that first time, the screen showed OTL not responding and in the fix box at the bottom it shows [emptytemp] and [reboot]. It appeared that it was attempting to do something just before it froze up.
  • 0

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Hi nyraidersfan,

Can you try to run it in Safe Mode?

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#7
nyraidersfan

    Member

  • Member
  • 49 posts
The same thing occurred: it appears to be working but gets stuck in the same spot. After waiting about 5 minutes I have to force close it. This time I noticed that when I brought up the control panel and attempted to close it, the screen appeared frozen with the pictures of each previous window, almost like it froze in place.
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Leave OTL for now. Please run Step 2, Combofix, and post the log here for me.
  • 0

#9
nyraidersfan

    Member

  • Member
  • 49 posts
ok doing it now
  • 0

#10
nyraidersfan

    Member

  • Member
  • 49 posts
Hopefully it does not make a difference between Safe mode and normal, since I cannot do much right now in Normal mode. Here is the log from ComboFix:

ComboFix 12-03-16.03 - Melissa 03/16/2012 9:49:06.1.4 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.5149 [GMT -4:00]
Running from: C:\Users\Melissa\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\SelectRebates
C:\Program Files (x86)\SelectRebates\FFToolbar\chrome.manifest
C:\Program Files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
C:\Program Files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
C:\Program Files (x86)\SelectRebates\FFToolbar\install.rdf
C:\Program Files (x86)\SelectRebates\SahImages\alert.png
C:\Program Files (x86)\SelectRebates\SahImages\check.png
C:\Program Files (x86)\SelectRebates\SahImages\close.png
C:\Program Files (x86)\SelectRebates\SelectAlerts.dat
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.ini
C:\Program Files (x86)\SelectRebates\SelectRebatesA.dat
C:\Program Files (x86)\SelectRebates\SelectRebatesApi.exe
C:\Program Files (x86)\SelectRebates\SelectRebatesB.dat
C:\Program Files (x86)\SelectRebates\SelectRebatesBT.dat
C:\Program Files (x86)\SelectRebates\SelectRebatesDownload.exe
C:\Program Files (x86)\SelectRebates\SelectRebatesH.dat
C:\Program Files (x86)\SelectRebates\SelectRebatesUninstall.exe
C:\Program Files (x86)\SelectRebates\SRebates.dll
C:\Program Files (x86)\SelectRebates\SRFF3.dll
C:\Program Files (x86)\SelectRebates\Toolbar\AddtoList.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\basis.xml
C:\Program Files (x86)\SelectRebates\Toolbar\Basis.xml.dym
C:\Program Files (x86)\SelectRebates\Toolbar\Blank.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\CashBack.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\Coupons.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\icons.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\logo.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\logo_24.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\RightControls.dym
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\Scissors.bmp
C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
C:\ProgramData\SPL58A1.tmp
C:\ProgramData\SPL5A4F.tmp
C:\ProgramData\SPL5CBF.tmp
C:\ProgramData\SPL5D9C.tmp
C:\ProgramData\SPL8329.tmp
C:\ProgramData\SPL8533.tmp
C:\ProgramData\SPL9263.tmp
C:\ProgramData\SPLA637.tmp
C:\ProgramData\SPLE5D1.tmp
C:\ProgramData\SPLEE12.tmp


((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))


2012-03-16 13:59:07 . 2012-03-16 14:02:06 -------- d-----w- C:\Users\Melissa\AppData\Local\temp
2012-03-15 14:18:13 . 2012-03-15 14:18:13 -------- d-----w- C:\_OTL
2012-03-11 19:55:21 . 2012-03-16 14:00:45 -------- d-----w- C:\Windows\system32\wbem\repository
2012-03-11 15:04:12 . 2012-03-11 15:04:12 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Apple Computer
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-16 13:38:11 . 2012-03-16 13:38:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8489BF7A-E9A9-43D8-BF90-517A6C0A049D}\offreg.dll
2012-02-23 14:18:36 . 2009-10-03 00:07:55 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-08 07:13:59 . 2012-03-11 20:01:13 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8489BF7A-E9A9-43D8-BF90-517A6C0A049D}\mpengine.dll
2012-01-21 18:57:32 . 2011-08-21 13:07:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-12 20:16:28 . 2012-02-15 11:23:05 2765824 ----a-w- C:\Windows\system32\win32k.sys
2012-01-09 16:33:42 . 2010-12-24 23:09:37 3350 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-01-03 14:25:21 . 2012-02-15 11:22:44 404992 ----a-w- C:\Windows\system32\drivers\afd.sys
2011-12-20 02:46:50 . 2011-12-20 02:46:50 43520 ----a-w- C:\Windows\system32\libusb0.dll
2011-12-20 02:46:50 . 2011-12-20 02:46:50 37376 ----a-w- C:\Windows\SysWow64\libusb0.dll
2011-12-20 02:46:50 . 2011-12-20 02:46:50 29184 ----a-w- C:\Windows\system32\drivers\libusb0.sys
2011-12-20 02:46:50 . 2011-12-20 02:46:50 21504 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
This is not the full Combofix log. Please post the full log again.
  • 0

#12
nyraidersfan

    Member

  • Member
  • 49 posts
Ok, this is the log that was found in the combofix folder. I will attempt to run again, if that is what you suggest.
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Can you ZIP C:\Combofix.txt and attach it in your next reply?

To ZIP the file:

  • Right-click on C:\Combofix.txt, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply
  • 0

#14
nyraidersfan

    Member

  • Member
  • 49 posts
Thank you for all your help. I had a hardware problem. That problem was fixed after replacing a bad burnt video card. Thanks again.
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Thank you for letting me know. I appreciate it :thumbsup:
  • 0


