Numerous viruses [Closed]


#1
helcal15

Numerous pop-ups, Windows Update blocked. Several indications that numerous viruses exist. Son ran Malwarebytes and it showed 146 instances, which he deleted, but .... Son saw 3 specific instances/programs that looked suspicious in msconfig startup, including one called "coupon something" - don't know what that means. Here's the log:

OTL logfile created on: 11/30/2012 9:34:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Granny\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 45.45% Memory free
2.93 Gb Paging File | 1.24 Gb Available in Paging File | 42.23% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 179.75 Gb Free Space | 81.42% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: GRANNY-PC | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Granny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\590352c10307d311bf4dc1addb801791\System.Windows.Input.Manipulations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\7b9e229466be7e0bc584ea7b3de23523\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\80bbc67d5ac1d961de1a3cb352176394\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ff1a3712e3bbd4944ffb5c78fd9c7bca\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d94dbbd0c84e503a6a1d192f768b45c8\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c4b80bd20da54e7664c29457c38793e\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\939aed7f13b8883a3f6437aa4f9923a6\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\10cf23de0102a0276b8804978802d4fc\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16736bed76cd56edf05ccd0e8f6b3b6e\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46f9cb63a99278b3dd7d91766bf4969e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()
MOD - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
MOD - C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Video Performer Manager) -- C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}
IE:64bit: - HKLM\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...0001e60761131f0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0001e60761131f0
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001e60761131f0
IE - HKCU\..\SearchScopes\{13050AE8-C317-4205-80A1-EAE885D955B1}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKCU\..\SearchScopes\{F9433DE9-1B89-44BD-9721-3CBFC777B912}: "URL" = http://websearch.ask...C9-7A7BCDD4D77C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Granny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Granny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 14:37:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Granny\AppData\Local\ArcadeCandy\[email protected] [2012/09/21 17:56:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/23 12:29:18 | 000,000,000 | ---D | M]

[2012/09/23 12:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://search.babylo...0001e60761131f0
CHR - Extension: No name found = C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Granny\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4CA59E9-B8B4-4A22-A9BF-90D6B0B2B806}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\videop~1\22639~1.201\{16cdf~1\videom~1.dll) - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 09:30:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/11/30 07:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/11/30 06:59:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Granny\Desktop\tdsskiller.exe
[2012/11/30 05:08:09 | 000,000,000 | ---D | C] -- C:\Users\Granny\Desktop\rkill
[2012/11/30 03:12:18 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Malwarebytes
[2012/11/30 03:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/30 03:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/30 03:12:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/30 03:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/29 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{7FFB23A1-E4AE-48B6-B843-FA5A363C2EB7}
[2012/11/29 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/11/29 19:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\78564EF246EF645300007855D6A26A4D
[2012/11/29 18:57:19 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{48F80EC1-2377-467C-9E36-C82D04C2F9FF}
[2012/11/29 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{55550907-E1BF-4DD9-AE4F-86C8EA034441}
[2012/11/27 23:07:20 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{DBC309C9-553A-4447-829D-3EDCD44E2F5D}
[2012/11/26 21:26:05 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{B0210665-4082-4FA0-A30E-C1D5475482B3}
[2012/11/26 16:00:49 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{E1AD8170-699C-46ED-B062-CE6710454517}
[2012/11/24 19:35:21 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{40D2B5F6-472C-4BA8-89B7-64D36DCD6EA1}
[2012/11/24 11:20:11 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{511B0F61-484E-4C46-8011-0BF6D2D4FD03}
[2012/11/23 21:35:01 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{05E38315-B201-4E68-8074-D4FC4E60F02E}
[2012/11/23 12:45:36 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{C142AE67-DDAC-40DC-9B61-A3460C6B49E4}
[2012/11/22 14:39:11 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{78CAB7B2-4CB1-41C9-8F67-A096E10D7ECE}
[2012/11/21 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{E9D61450-A81E-46FD-AF53-73E4AFC1C89C}
[2012/11/20 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{F6EAF0EA-ADDE-4E89-A3E5-49C76934D599}
[2012/11/19 17:27:10 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{7FDF19B5-C98D-4231-9665-760729576D9C}
[2012/11/07 06:58:43 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{4D2211F0-2DFC-4121-8482-FCF13E7780DF}
[2012/11/02 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\{561824FE-5A14-4370-984F-3A88E5A027EF}

========== Files - Modified Within 30 Days ==========

[2012/11/30 09:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/11/30 09:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 09:23:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 08:40:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-96332027-3593006056-2966749410-1000UA.job
[2012/11/30 08:37:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 08:37:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 08:29:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 08:29:52 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/11/30 08:28:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 08:28:38 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 07:38:22 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\CandyUpdater.job
[2012/11/30 07:17:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/30 06:59:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Granny\Desktop\tdsskiller.exe
[2012/11/30 03:12:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 00:06:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-96332027-3593006056-2966749410-1000Core.job
[2012/11/24 20:29:30 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2012/11/24 19:41:33 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/24 19:41:33 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/24 19:41:33 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 17:23:13 | 000,357,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/18 20:34:05 | 000,002,489 | ---- | M] () -- C:\Users\Granny\Desktop\Google Chrome.lnk
[2012/10/31 14:25:41 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGranny.job

========== Files Created - No Company Name ==========

[2012/11/30 03:12:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/18 22:38:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 22:26:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011/01/28 02:28:55 | 000,776,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/26 20:58:43 | 000,000,746 | ---- | C] () -- C:\Users\Granny\AppData\Roaming\wklnhst.dat
[2010/11/03 05:27:41 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/02 11:23:09 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2012/11/29 19:08:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e17dd2b3e2003c3b9bb50ba223206a22\L
[2012/11/29 19:08:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e17dd2b3e2003c3b9bb50ba223206a22\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/23 12:29:37 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\Babylon
[2009/12/04 21:22:09 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\PictureMover
[2011/08/13 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\Temp
[2011/01/26 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\Template
[2009/12/13 13:09:39 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\WildTangent
[2012/02/21 14:10:05 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I am currently reviewing your log and will post back some instructions soon. OTL should also have produced an Extras.txt report. Could you please post that for me if you have it?
  • 0

#3
helcal15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am very inexperienced in working with systems, so I may need extra help. When I worked I had tech support, so I never had to get into this area.

Here's the extras.txt

OTL Extras logfile created on: 11/30/2012 9:34:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Granny\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 45.45% Memory free
2.93 Gb Paging File | 1.24 Gb Available in Paging File | 42.23% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 179.75 Gb Free Space | 81.42% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: GRANNY-PC | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07777A33-5739-4856-BCD4-A8601D342D6C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{17891BBC-AC88-495B-A183-687D2547C4EC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1EDE5B38-F9D8-4002-A453-8CBB22099408}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{25725883-663A-43FE-8D1D-79466E447608}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A7C8C69-9A43-4F25-A458-E7CE957F56F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{303A25C3-7E9E-4ADE-B78D-075D4C535C0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{33842E6A-5A05-483E-9FD8-875C0155DDD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44B6D0BE-AE0C-42F6-AD3A-98BE6E56AE79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F8DF2C9-32AC-4CEE-A51C-D19A4F65D391}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{531825CB-EDB3-45BF-9C23-50523B1FBF10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AFD735B-6FC0-4C1D-9D1C-FF13790EF72C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{61A221D3-DA61-49EF-B560-786241562D4E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{62146FEC-05D8-4BF6-8E85-1E16F1335329}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{6BBC15BF-EEE7-4C74-A95F-FEAFFE43C197}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6EA4522A-012D-4EDC-AAC0-C2D3CF0F2E54}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71210AFC-96DA-4A28-AC5F-2D5BED4F0E0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76F0980C-ECDD-4FDF-83DC-9201C3FCBCB2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{7C9D0D86-71A1-495D-A7E2-9E4473140D4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81E238A5-D5A2-48EC-8E99-BF3E4A188E65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{884A118E-9375-4199-8BD8-47D3E9ADD07B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B48B569-3983-45D6-8494-CD931E025932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F3E6B8B-162A-469C-BFDE-7A445F225627}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92E013EF-E52B-4354-A268-CB3370FE24D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9CB613AF-6ED8-4681-823B-ECF64967669A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0376B98-C21E-4E20-AF16-B1A3BF82271B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0B67000-3D7D-415F-81F3-BB2CF4D664EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8AADEFD-9A48-407C-95A1-4030DC227EA0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AF6BCF22-7EE6-42E0-AD6F-659DA695444A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B0AF3451-383F-44E2-B16C-A5C5AE4F1819}" = lport=137 | protocol=17 | dir=in | app=system |
"{B33F1B15-2CD3-4340-8A07-2EBE2CEAE70B}" = rport=137 | protocol=17 | dir=out | app=system |
"{CDB185D4-6DF3-4A7B-882F-9A09A0640487}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1AD11BD-E5A5-485B-8B5C-00650E0EC3E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{D367AE09-BDF6-40B4-B46D-0BD9AE33B34D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D73C6CA0-9192-4B55-BCA3-9FBCF4CFFB39}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC7D9F38-D58F-49E4-BE76-52ACFDD2B32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E182B812-C52C-4DCE-A3EF-D964FBB262CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8BC47FB-C41A-4C9E-8257-19879EB4C43B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7292ECC-A7E6-4585-A794-C14F53EA185F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FABC8773-4F2D-4397-A79C-AA9725773F09}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0875A254-A559-4D68-946D-96AE9D5F88D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0D4EF626-D742-42BA-ADE4-4B20CBC7C3CB}" = protocol=17 | dir=in | app=c:\users\granny\appdata\local\temp\7zs5d91.tmp\symnrt.exe |
"{0F5E874F-0F48-42BF-ADCD-C4726029D6E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1132E09B-830D-4467-A12D-040D2067385F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{157A38E3-FB68-4A1C-8910-C762C902838D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{18259613-3ACC-4C95-95B2-1AA789757C32}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{241F6AD1-8D69-4870-91F6-66254D211A4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25BB8B1B-B8CB-4CBF-A7E6-38C243E0263C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2941A24A-DD86-4C7E-8C97-55F8C3EE85E8}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{2F021A81-AE46-4F80-B17A-99BE7975BFE8}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{462FD153-35EB-416C-B3F1-5D823F15009D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{49A081E4-D53C-4537-8D6A-258A0FB9B660}" = protocol=6 | dir=out | app=system |
"{504F1580-44FB-4EF2-A2A9-E5ADB91E2B84}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{50E41D20-C8CF-485F-B8C9-669ECD50CFFA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{52373055-425D-4D3C-AAA7-07F8C3926A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5801DB35-A55D-4434-926D-43CD7409B2E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59A57CB3-4A6A-4666-9650-FC7956DF51DB}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{5A8155E9-806A-49F3-9551-FCD92469C41A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65DBFEC9-2C75-49AA-A91B-1E21E72FE0D5}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6EC9CADD-58E9-4FFC-8FDD-7DE2A22C9AE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{700372F8-BBE3-4A48-BDFD-1F38478442ED}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{72C11D85-3978-4B21-968A-A5F748E42E99}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{76EA2926-8FC4-4BCF-A78B-D26B15CE7B8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{804F99B5-BAA5-4155-86B8-5E44826044A9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{85AB2A8D-64C6-435A-B9A3-6117EFD0484B}" = protocol=58 | dir=out | [email protected],-28546 |
"{86CB1F68-6B96-4258-B328-5C38662B4381}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{87BE63B4-530F-4101-A7D9-E3C92F0868E0}" = protocol=6 | dir=in | app=c:\users\granny\appdata\local\temp\7zs5d91.tmp\symnrt.exe |
"{8911DD1B-6AC4-439D-A90A-F2C5442A4A07}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{8DB1A87F-60ED-41C3-8D34-0B7396E606BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91BC3D8E-2BD4-44BE-A119-0F06E133063A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CCB254A-AE2F-4EA2-878E-F94F309F95AB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{A20C7F07-0DC3-49ED-90C7-470EC172735B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A471987E-4734-45B2-9E42-30EDE86C4046}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4F7142B-A0A5-451E-AF53-CEC8D29F840A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A729A7CE-BE1E-4B2D-866C-E14A48FC4E45}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{AB3EF3F9-D61E-4EBA-BDD9-4FDBD0F08B6A}" = protocol=1 | dir=in | [email protected],-28543 |
"{BAE752B8-6237-4431-8A46-D6C52F9E0AF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD5E8BE1-A8ED-4541-A745-C0310800FE7D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{C06883DE-A3C6-47B6-84EA-AE03766C005F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7DACDDA-6044-4BBF-B783-4F9B132028B6}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{C7DB7198-2AE5-4E8C-9CB7-612876A331D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8C811A9-9247-43DF-9C04-82DB1ACDD833}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB5926DA-C415-415C-9AAD-E2F46A690808}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2563D22-A432-40D7-AFA2-1B9B8895B3D5}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{D33B9F31-FCFC-46A1-B1FA-2BF3ED2EA657}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DDE8D99F-5DD1-4133-BA59-997F69E5F985}" = protocol=58 | dir=in | [email protected],-28545 |
"{E01E9E25-DDED-4DE0-9E21-F1BE726590BE}" = protocol=1 | dir=out | [email protected],-28544 |
"{E3AD5503-A273-4106-9B3E-42AB630DC5E0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E9D24AE4-35B4-4CF3-85E2-7A6BEDD8CAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{F268F7F7-22FB-4882-9255-B52409E9240F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8F9A0BC-0320-4AB2-AA2F-987B2943ED20}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{40871326-B575-4EFB-B22E-4D68D9BB73FE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9C67F8FD-80C9-4930-BB31-4E009D4D7A7B}C:\windows\syswow64\macromed\flash\flashutil32_11_3_300_271_activex.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\macromed\flash\flashutil32_11_3_300_271_activex.exe |
"TCP Query User{D06182CA-6BEE-4025-A8DD-2927A55528D5}C:\program files (x86)\hp\digital imaging\smart web printing\hpswp_clipbook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_clipbook.exe |
"TCP Query User{F83BDB1B-FEA8-4D8F-8152-3033F8B76D13}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FFFA432A-ED85-4DAB-BD49-3363AF763E6F}C:\windows\system32\igfxsrvc.exe" = protocol=6 | dir=in | app=c:\windows\system32\igfxsrvc.exe |
"UDP Query User{0959C8BA-45E5-4177-AD29-71BFDE98877B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{36C0E9AD-6F65-43AA-ACCC-3549E6DDB314}C:\windows\system32\igfxsrvc.exe" = protocol=17 | dir=in | app=c:\windows\system32\igfxsrvc.exe |
"UDP Query User{71985CEE-6093-4F38-99A6-35C14FF74BFD}C:\program files (x86)\hp\digital imaging\smart web printing\hpswp_clipbook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_clipbook.exe |
"UDP Query User{DC01C3F3-A168-4D94-8A0F-6AFCF576E26D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E13267C1-8420-4AD7-BEFB-15C52B85968B}C:\windows\syswow64\macromed\flash\flashutil32_11_3_300_271_activex.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\macromed\flash\flashutil32_11_3_300_271_activex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Video Performer Manager
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837B34E3-7C30-493C-8F6A-2B0F04E2912C}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"amg-ancientspidersolitaire" = Ancient Spider Solitaire
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Network MagicUninstall" = Network Magic
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VideoPerformer" = VideoPerformer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6A2EF989-A524-48bf-985F-9D076B334980}" = ArcadeCandy
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2012 9:21:33 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/24/2012 9:21:33 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 768711

Error - 7/24/2012 9:21:33 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 768711

Error - 7/24/2012 9:21:43 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/24/2012 9:21:43 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 778211

Error - 7/24/2012 9:21:43 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 778211

Error - 7/24/2012 9:21:53 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/24/2012 9:21:53 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 788414

Error - 7/24/2012 9:21:53 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 788414

Error - 7/24/2012 9:22:04 PM | Computer Name = Granny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Hewlett-Packard Events ]
Error - 10/1/2012 2:20:38 AM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:49:37 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:49:37 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:50:13 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:52:47 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:55:13 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:57:10 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 9:57:11 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 10:01:42 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 10:04:13 PM | Computer Name = Granny-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 11/30/2012 7:28:28 AM | Computer Name = Granny-PC | Source = DCOM | ID = 10005
Description =

Error - 11/30/2012 7:28:28 AM | Computer Name = Granny-PC | Source = DCOM | ID = 10005
Description =

Error - 11/30/2012 7:28:28 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/30/2012 8:52:52 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7034
Description = The BBUpdate service terminated unexpectedly. It has done this 1
time(s).

Error - 11/30/2012 8:53:08 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 11/30/2012 9:20:47 AM | Computer Name = Granny-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800b0100: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error - 11/30/2012 9:52:22 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 11/30/2012 10:07:31 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 11/30/2012 10:23:47 AM | Computer Name = Granny-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 11/30/2012 10:28:46 AM | Computer Name = Granny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:26:21 AM on 11/30/2012 was unexpected.


< End of report >


Thanks for helping - I'll be close to my laptop all day.
  • 0

#4
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi helcal15,

I am very inexperienced in working with systems so I may need extra help. When I worked I had tech support, so I never had to get into this area.


Don't worry about it. If you are confused or unsure about anything, just stop and ask me.

Let's get started.

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please follow the instructions below:

Step 1: Run OTL fix.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    MOD - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
    MOD - C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
    
    SRV - (Video Performer Manager) -- C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
    
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/23 12:29:18 | 000,000,000 | ---D | M]
    
    O20 - AppInit_DLLs: (c:\progra~3\videop~1\22639~1.201\{16cdf~1\videom~1.dll) - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
    
    :Files
    C:\$Recycle.Bin\S-1-5-18\$e17dd2b3e2003c3b9bb50ba223206a22
    C:\ProgramData\Video Performer Manager
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run RogueKiller.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3: Run adwCleaner.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.
Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt. Please attach that.

Step 4: Get a fresh OTL log. Please note the slightly different directions.

Hello, user. Please run the following scan for me.
Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    baseservices
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Things I need in your next reply:
  • OTL fix log
  • RogueKiller logs
  • adwCleaner log
  • fresh OTL log
  • How is your computer running now?

  • 0
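The Step 1 fix above targets three things the helper spotted in the first OTL log: modules and a service with no company name, a binary living under C:\ProgramData, and an AppInit_DLLs entry that injects that same DLL. As an added example (not OTL's code or the helper's fix), this Python script applies the same three checks to OTL-format lines; the sample lines are copied from the logs in this thread, while the reason strings and the severity scoring are assumptions of the example.

```python
"""Triage OTL scan-log lines the way the helper did by eye in this thread.

Added example, not part of OTL or of the helper's fix script.  It encodes the
three observations behind the Step 1 fix: a module or service with no company
name, a binary running out of C:\\ProgramData, and an AppInit_DLLs entry
pointing at that same DLL.
"""
import re
from dataclasses import dataclass

# Generic OTL line shape: "<KIND>[:64bit:] - <body> (<company>)".  The company
# is what OTL read from the file's version resource; "()" means it had none.
_LINE = re.compile(r"^(?P<kind>\S+) - (?P<body>.*) \((?P<company>[^()]*)\)$")
# Every Windows path inside the body; the last one is the real on-disk file
# (an AppInit_DLLs line also carries the 8.3 short form in parentheses).
_PATH = re.compile(r"[A-Za-z]:\\[^()]*")

# Reason labels are this example's own wording, not OTL terminology.
R_NO_COMPANY = "no company name in version info"
R_DATA_DIR = "executes from ProgramData/AppData rather than Program Files"
R_APPINIT = "AppInit_DLLs entry (DLL injected into every user32-linked process)"


@dataclass
class Finding:
    kind: str
    path: str
    company: str
    reasons: list

    @property
    def severity(self) -> int:
        # Simple scoring assumption: one point per heuristic tripped.
        return len(self.reasons)


def parse_line(line: str):
    """Split one OTL line into kind, body, company and on-disk path, or None."""
    m = _LINE.match(line.strip())
    if not m:
        return None  # section headers, FF/registry lines without a (company)
    paths = _PATH.findall(m["body"])
    return {
        "kind": m["kind"].split(":")[0],  # "O20:64bit:" -> "O20"
        "body": m["body"],
        "company": m["company"].strip(),
        "path": paths[-1].strip() if paths else "",
    }


def triage(log_text: str):
    """Return one Finding per line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not rec["path"]:
            continue
        p = rec["path"].lower()
        reasons = []
        if rec["kind"] == "O20" and "AppInit_DLLs" in rec["body"]:
            reasons.append(R_APPINIT)
        if re.match(r"^[a-z]:\\programdata\\", p) or "\\appdata\\" in p:
            reasons.append(R_DATA_DIR)
        if not rec["company"]:
            reasons.append(R_NO_COMPANY)
        if reasons:
            findings.append(Finding(rec["kind"], rec["path"], rec["company"], reasons))
    return findings


# Constructed sample: lines copied from the two OTL logs posted in this thread.
SAMPLE_LOG = r"""
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
SRV - (Video Performer Manager) -- C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\videop~1\22639~1.201\{16cdf~1\videom~1.dll) - c:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Granny\Desktop\OTL.exe (OldTimer Tools)
"""

if __name__ == "__main__":
    # Highest-scoring entries first; the .NET native image scores 1 only
    # because "no company name" alone is weak evidence (see the second log).
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -f.severity):
        print(f"[{f.severity}] {f.kind:<4} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```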

#5
helcal15
    New Member
  • Topic Starter
  • Member
  • 6 posts
Guess I'll have the disk reformatted and reinstall Windows. My son tells me that I will have to change all passwords too so I don't get it again.

Thanks

Helen
  • 0

#6
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Yes, you should change all of your online passwords to protect your sensitive information. If you need any help with the reformat or have any questions, please feel free to ask me.
  • 0

#7
helcal15
    New Member
  • Topic Starter
  • Member
  • 6 posts
Hello, it's her son.

Currently I am in the process of reformatting her PC and doing a fresh install. The thing is she has a factory-made HP recovery partition and I am a little worried that the virus might have dropped itself inside there. She can't find the original discs, if it came with any. I did a little searching and found that it was unlikely a factory recovery partition gets infected, but not impossible. Would it be OK after everything is said and done if I post fresh OTL logs in this thread?

I also plan on setting up a sandbox for her browsing after all is said and done, just as a layer of extra protection. Definitely needs to be something simple; thoughts? Not too sure how effective they really are at containing malware.

Edited by helcal15, 30 November 2012 - 07:09 PM.

  • 0

#8
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi,

Would it be ok after everything is said and done if I post fresh OTL logs in this thread?


Feel free to do this. Also, for a more thorough look, could you please also post the scan below.

I also plan on setting up a sandbox for her browsing after all is said and done, just as a layer of extra protection. Definitely needs to be something simple; thoughts? Not too sure how effective they really are at containing malware.


Sandboxing would make browsing a little more complicated, but it could give you some added protection. I have personally never used sandboxing and I think it may be a little bit more than is necessary if you practice good browsing habits. You can check out Sandboxie to learn more.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
  • 0

#9
helcal15
    New Member
  • Topic Starter
  • Member
  • 6 posts
Sorry about the long wait. I was up most of the night downloading and installing updates. I see an aswMBR.dat file as well. Not too sure if you wanted that as well?


OTL logfile created on: 12/1/2012 4:57:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Granny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.60% Memory free
5.86 Gb Paging File | 4.38 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 182.93 Gb Free Space | 82.85% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: GRANNY-PC | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Granny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe (Microsoft Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dc28c9f7d8d36447c704c0ef119df673\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\aa983d1ad8df4422c0859ab4d6e19a83\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Users\Granny\AppData\Roaming\PictureMover\EN-US\Presentation.dll ()
MOD - C:\Users\Granny\AppData\Roaming\PictureMover\Bin\Core.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}
IE:64bit: - HKLM\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}
IE - HKLM\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\..\SearchScopes,DefaultScope = {227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}
IE - HKCU\..\SearchScopes\{227DFF7C-67B5-4876-9C20-F5FBDAC3A31D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{39D6653E-C4EC-4AD6-9A34-513EE6E38898}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 14:37:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6665F25C-481A-41AC-BD59-5D26194602F9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 16:44:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/12/01 01:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/01 01:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/01 00:58:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/01 00:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/12/01 00:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/01 00:48:35 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Adobe
[2012/11/30 22:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/11/30 22:53:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/11/30 22:28:57 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/11/30 22:28:21 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/11/30 21:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/11/30 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/11/30 20:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/11/30 20:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/11/30 20:24:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/11/30 20:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/11/30 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Windows Live
[2012/11/30 20:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/30 20:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/11/30 20:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/30 19:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/11/30 19:52:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
[2012/11/30 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\muvee Technologies
[2012/11/30 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2012/11/30 19:49:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/11/30 19:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/11/30 19:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2012/11/30 19:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PictureMover
[2012/11/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/30 19:43:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012/11/30 19:43:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012/11/30 19:43:15 | 000,000,000 | ---D | C] -- C:\Intel
[2012/11/30 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/11/30 19:42:17 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/11/30 19:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/11/30 19:41:43 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/11/30 19:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/11/30 19:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012/11/30 19:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/11/30 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/11/30 19:35:37 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/30 19:33:05 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/11/30 19:31:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/11/30 18:50:33 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/11/30 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\HpUpdate
[2012/11/30 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Macromedia
[2012/11/30 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Hewlett-Packard
[2012/11/30 18:40:12 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\PictureMover
[2012/11/30 18:39:57 | 000,000,000 | R--D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/30 18:39:57 | 000,000,000 | R--D | C] -- C:\Users\Granny\Searches
[2012/11/30 18:39:57 | 000,000,000 | R--D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/30 18:39:56 | 000,000,000 | -H-D | C] -- C:\Users\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/11/30 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Identities
[2012/11/30 18:39:47 | 000,000,000 | R--D | C] -- C:\Users\Granny\Contacts
[2012/11/30 18:39:45 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\VirtualStore
[2012/11/30 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Hewlett-Packard_Company
[2012/11/30 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\hpqlog
[2012/11/30 18:39:26 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Hewlett-Packard
[2012/11/30 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\HP TCS
[2012/11/30 18:34:43 | 000,000,000 | --SD | C] -- C:\Users\Granny\AppData\Roaming\Microsoft
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Videos
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Saved Games
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Pictures
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Music
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Links
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Favorites
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Downloads
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Documents
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\Desktop
[2012/11/30 18:34:43 | 000,000,000 | R--D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\AppData\Local\Temporary Internet Files
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Templates
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Start Menu
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\SendTo
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Recent
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\PrintHood
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\NetHood
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Documents\My Videos
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Documents\My Pictures
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Documents\My Music
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\My Documents
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Local Settings
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\AppData\Local\History
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Cookies
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\Application Data
[2012/11/30 18:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Granny\AppData\Local\Application Data
[2012/11/30 18:34:43 | 000,000,000 | -H-D | C] -- C:\Users\Granny\AppData
[2012/11/30 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Temp
[2012/11/30 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2012/11/30 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Microsoft
[2012/11/30 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2012/12/01 16:49:16 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 16:49:16 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 16:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/12/01 16:42:03 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/12/01 16:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 16:40:20 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/01 02:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 00:53:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/01 00:53:00 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/01 00:53:00 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/01 00:52:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/12/01 00:48:16 | 000,001,441 | ---- | M] () -- C:\Users\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/01 00:16:44 | 000,329,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/30 20:19:23 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/11/30 20:19:23 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/11/30 20:04:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/11/30 20:04:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/30 19:49:05 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/11/30 19:47:41 | 000,014,328 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/11/30 19:42:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/11/30 18:35:26 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9354GC1_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#121130_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/11/30 18:35:26 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9354GC1_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#121130_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK

========== Files Created - No Company Name ==========

[2012/12/01 00:58:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 00:52:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/12/01 00:51:58 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/01 00:48:16 | 000,001,441 | ---- | C] () -- C:\Users\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/30 22:30:28 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/11/30 22:27:56 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/11/30 22:27:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/11/30 22:27:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/11/30 22:27:17 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/11/30 20:54:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/30 20:24:17 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/11/30 20:24:09 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/11/30 20:23:46 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/11/30 20:23:27 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/11/30 20:04:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/11/30 20:04:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/30 19:50:24 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/11/30 19:50:18 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/11/30 19:49:04 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/11/30 19:49:04 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/11/30 19:48:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/30 19:47:41 | 000,014,328 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/11/30 19:42:17 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/11/30 19:42:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/11/30 19:37:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/30 19:37:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/30 19:34:57 | 2361,806,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/30 19:33:36 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2012/11/30 18:40:02 | 000,001,413 | ---- | C] () -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/11/30 18:39:58 | 000,001,447 | ---- | C] () -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/30 18:36:56 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
[2012/11/30 18:36:56 | 000,001,562 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days.lnk
[2012/11/30 18:36:53 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/11/30 18:36:53 | 000,002,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2012/11/30 18:36:53 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/11/30 18:36:52 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012/11/30 18:35:26 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9354GC1_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#121130_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/11/30 18:35:26 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9354GC1_E575912-001_4A_I3612_SWistron_V09.66_F.52_T090826_WU3-0_L409_M3004_J250_7Intel_867A_92.19_#121130_N10EC8136;168C002B_(VM083UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/11/30 18:34:43 | 000,000,290 | ---- | C] () -- C:\Users\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/30 18:34:43 | 000,000,272 | ---- | C] () -- C:\Users\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/30 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Granny\AppData\Roaming\PictureMover

========== Purity Check ==========



< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 17:10:35
-----------------------------
17:10:35.543 OS Version: Windows x64 6.1.7601 Service Pack 1
17:10:35.543 Number of processors: 1 586 0x170A
17:10:35.544 ComputerName: GRANNY-PC UserName: Granny
17:10:39.360 Initialize success
17:11:41.525 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:11:41.527 Disk 0 Vendor: ST9250315AS 0005HPM1 Size: 238475MB BusType: 11
17:11:41.589 Disk 0 MBR read successfully
17:11:41.592 Disk 0 MBR scan
17:11:41.594 Disk 0 unknown MBR code
17:11:41.602 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:11:41.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226085 MB offset 409600
17:11:41.650 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12189 MB offset 463431680
17:11:41.681 Disk 0 scanning C:\Windows\system32\drivers
17:11:50.926 Service scanning
17:12:10.774 Modules scanning
17:12:10.783 Disk 0 trace - called modules:
17:12:10.848 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:12:10.853 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800336f440]
17:12:11.187 3 CLASSPNP.SYS[fffff880010f443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e5a650]
17:12:11.193 Scan finished successfully
17:12:28.143 Disk 0 MBR has been saved successfully to "C:\Users\Granny\Desktop\MBR.dat"
17:12:28.150 The log file has been saved successfully to "C:\Users\Granny\Desktop\aswMBR.txt"

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

I don't really see anything in your logs. How is the computer running? Any problems or questions?

#11
helcal15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
It seems like it's running normally. I have not seen anything out of the ordinary. I plan to look at it from time to time over the next few weeks just to see if anything pops up out of the ordinary. Just wanted to say thank you. She did not believe me about how serious the situation could be, considering what all she used the PC for. It's why I wanted her to come here and get help and go through the steps herself. Your first reply pretty much got the message across.

Edited by helcal15, 02 December 2012 - 08:07 PM.


#12
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Glad we could help. I am going to go ahead and close this post, but if anything comes up and you need more help, just PM me and I will get it reopened.

Also I would like to mention two more options with reference to sandboxing.

IE 10 will have a sandboxing-type feature called "Enhanced Protection Mode" that you can check out. IE 10 is still in beta now, but you can try it out.

DropMyRights is a Microsoft program that you can use to run browsers and other programs in a reduced-privileges mode.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.