[Deon]

Hi all,

My fiances computer has been running terribly slow and laggy lately. I've deleted a bunch of crap and bloatware from the PC manufacturer and ran a virus scan etc... can you have a quick check through the attached OTL log and let me know if there's anything else I might have missed?


Cheers,
Deon.

OTL logfile created on: 8/26/2012 7:24:02 PM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Breeanna\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.93 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 65.19% Memory free
3.87 Gb Paging File | 3.09 Gb Available in Paging File | 80.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.44 Gb Total Space | 195.46 Gb Free Space | 88.27% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.88 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

Computer Name: BREEANNA-PC | User Name: Breeanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 18:42:12 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Breeanna\Downloads\OTL.exe
PRC - [2012/08/26 18:07:50 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/16 19:06:16 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2010/04/07 22:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/28 01:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/05 19:19:44 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/22 11:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 18:07:50 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/16 19:06:16 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2009/06/18 05:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/18 05:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/18 05:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV - [2012/08/26 18:07:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/16 19:06:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/05/03 07:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2010/04/07 22:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/28 01:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2009/07/22 11:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 10:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 08:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/09 11:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/25 04:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/26 22:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/04/30 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/07 11:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {93ADC3AB-20DC-406E-9709-DB94B6E8F99C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{93ADC3AB-20DC-406E-9709-DB94B6E8F99C}: "URL" = http://slirsredirect...hpcnnbie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\..\SearchScopes,DefaultScope = {93ADC3AB-20DC-406E-9709-DB94B6E8F99C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{93ADC3AB-20DC-406E-9709-DB94B6E8F99C}: "URL" = http://slirsredirect...hpcnnbie7-en-au
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..network.proxy.backup.ftp: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.chisholm.vic.edu.au"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Breeanna\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Breeanna\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/26 18:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/26 18:07:51 | 000,000,000 | ---D | M]

[2010/01/07 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Breeanna\AppData\Roaming\Mozilla\Extensions
[2012/08/26 18:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Breeanna\AppData\Roaming\Mozilla\Firefox\Profiles\a00zi5cc.default\extensions
[2012/03/03 18:27:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Breeanna\AppData\Roaming\Mozilla\Firefox\Profiles\a00zi5cc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/26 18:07:40 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\Breeanna\AppData\Roaming\Mozilla\Firefox\Profiles\a00zi5cc.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/08/26 18:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/26 18:48:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/08/26 18:07:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/26 18:07:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/26 18:07:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Breeanna\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Breeanna\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Breeanna\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Breeanna\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Breeanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Breeanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Breeanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/01 14:51:56 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5119E7D9-5C9F-4042-95DC-23D6F751CEE9}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 18:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/26 18:49:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/26 18:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/26 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Breeanna\AppData\Local\Macromedia
[2012/08/26 18:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc
[2012/08/26 18:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\HashCalc
[2012/08/26 18:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/26 18:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/08/26 19:26:24 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/26 19:26:24 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/26 19:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 19:20:01 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 19:16:57 | 000,023,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 19:16:57 | 000,023,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 19:15:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1529345075-1388736520-1265581705-1000UA.job
[2012/08/26 19:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 18:49:13 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 18:32:13 | 000,000,877 | ---- | M] () -- C:\Users\Breeanna\Desktop\HashCalc.lnk
[2012/08/26 18:22:31 | 000,000,020 | ---- | M] () -- C:\Windows\`ôN
[2012/08/26 18:07:53 | 000,001,994 | ---- | M] () -- C:\Users\Breeanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/26 14:58:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1529345075-1388736520-1265581705-1000Core.job
[2012/08/23 20:32:31 | 000,002,430 | ---- | M] () -- C:\Users\Breeanna\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/26 18:49:13 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 18:32:13 | 000,000,877 | ---- | C] () -- C:\Users\Breeanna\Desktop\HashCalc.lnk
[2012/08/26 18:22:30 | 000,000,020 | ---- | C] () -- C:\Windows\`ôN
[2012/08/26 18:07:53 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/12 10:42:35 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012/02/12 10:42:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012/02/12 10:41:58 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2012/02/12 10:41:53 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/04/25 20:57:38 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2009/11/05 18:45:47 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2009/12/30 11:39:21 | 000,000,000 | ---D | M] -- C:\Users\Breeanna\AppData\Roaming\Gamelab
[2012/03/15 12:31:00 | 000,000,000 | ---D | M] -- C:\Users\Breeanna\AppData\Roaming\Lite
[2011/07/29 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\Breeanna\AppData\Roaming\TeamViewer
[2009/07/14 14:53:46 | 000,007,910 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 8/26/2012 7:24:02 PM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Breeanna\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.93 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 65.19% Memory free
3.87 Gb Paging File | 3.09 Gb Available in Paging File | 80.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.44 Gb Total Space | 195.46 Gb Free Space | 88.27% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.88 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

Computer Name: BREEANNA-PC | User Name: Breeanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C108125-1D23-475C-80C3-E3EE4819EF48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0501899-4853-4158-9B83-2704A07F0727}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{BE56FCD6-286E-476D-809C-A542CE0A8063}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB3B3DBA-6286-4AEA-8C79-F82A909BABB6}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{E558BA5C-2FC8-4AAF-9946-2B93EA3408E1}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6CEA5D-BA47-4AFE-9339-97FCF286E496}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27D9BFF4-F7D0-40EB-8CF3-291C94C64FCF}" = protocol=17 | dir=in | app=c:\users\breeanna\appdata\local\temp\7zs2d07.tmp\easyinst.exe |
"{2F37C71D-66A0-45D7-8D64-C7BB530AF12A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{321A830C-6388-46A0-8B3A-B404CCE0CCCC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{346D6B3A-7599-4929-846A-14E5774DEDFA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3B4B557B-5C31-4541-958C-A3639DE335C5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{54F7FE18-0664-4D13-8F77-A2F5AB229873}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe |
"{915691E4-A896-4EF5-BA68-46C2570217A2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe |
"{B92694CB-6F6E-42B0-84C1-CEDC82F7955B}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe |
"{E4633718-DEA9-4907-827E-01122C597291}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe |
"{EA098130-596B-419F-A5A6-091DDDAAC89E}" = protocol=6 | dir=in | app=c:\users\breeanna\appdata\local\temp\7zs2d07.tmp\easyinst.exe |
"{F423979F-8FD1-4BF3-A599-47A608F7DEDF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{0982DA61-A2CE-42C9-919A-9052BBE7F4C3}C:\users\breeanna\downloads\tinyumbrella-4.33.02.exe" = protocol=6 | dir=in | app=c:\users\breeanna\downloads\tinyumbrella-4.33.02.exe |
"UDP Query User{2E216D5E-C5F1-4CA2-946D-40A726E55B79}C:\users\breeanna\downloads\tinyumbrella-4.33.02.exe" = protocol=17 | dir=in | app=c:\users\breeanna\downloads\tinyumbrella-4.33.02.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 34
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HashCalc_is1" = HashCalc 2.02
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)
"wLite" = webcamXP Lite
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2011 3:28:21 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 5/12/2011 3:29:33 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 5/26/2011 8:26:39 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 5/26/2011 8:27:59 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 6/4/2011 11:19:46 PM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/4/2011 11:21:03 PM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 6/7/2011 12:50:20 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/7/2011 12:51:40 AM | Computer Name = Breeanna-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 7/13/2011 9:16:11 PM | Computer Name = Breeanna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 14.0.4734.1000,
time stamp: 0x4b58faef Faulting module name: mso.dll, version: 14.0.4734.1000, time
stamp: 0x4b58ffba Exception code: 0xc0000005 Fault offset: 0x008da8c1 Faulting process
id: 0xb38 Faulting application start time: 0x01cc41beee036f2f Faulting application
path: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE Faulting module path:
C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll Report Id: dbc4d398-adb6-11e0-aecb-00269eb54e7d

Error - 7/13/2011 10:19:38 PM | Computer Name = Breeanna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 14.0.4734.1000,
time stamp: 0x4b58faef Faulting module name: mso.dll, version: 14.0.4734.1000, time
stamp: 0x4b58ffba Exception code: 0xc0000005 Fault offset: 0x0049117f Faulting process
id: 0x11b8 Faulting application start time: 0x01cc41c3a7e8e0fa Faulting application
path: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE Faulting module path:
C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll Report Id: b8e3a23d-adbf-11e0-aecb-00269eb54e7d

[ Hewlett-Packard Events ]
Error - 3/11/2011 4:33:11 AM | Computer Name = Breeanna-PC | Source = Hewlett-Packard | ID = 0
Description = en-AU Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 4/1/2011 6:01:47 AM | Computer Name = Breeanna-PC | Source = Hewlett-Packard | ID = 0
Description = en-AU Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.Page_Loaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ System Events ]
Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/8/2012 8:38:22 AM | Computer Name = Breeanna-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

Attached Files

•  OTL.Txt   45.63KB   92 downloads
•  Extras.Txt   41.55KB   96 downloads

[Advertisements]

She's set up to use a proxy at school. If she's not at the school she should turn it off:

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


This next one is better run over night as it is slow:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


I don't see an anti-virus. I suggest you give her the free Avast.

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

Once you have it installed and it has updated, here's another overnight scan for you:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? Text version that you can copy and paste is at C:\ProgramData\Avast Software\Avast\report\aswboot.txt

Ron

[RKinner]

She's set up to use a proxy at school. If she's not at the school she should turn it off:

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


This next one is better run over night as it is slow:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


I don't see an anti-virus. I suggest you give her the free Avast.

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

Once you have it installed and it has updated, here's another overnight scan for you:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? Text version that you can copy and paste is at C:\ProgramData\Avast Software\Avast\report\aswboot.txt

Ron