
Chrome Slowness and Multiple windows


  • This topic is locked

#1
vanaya2002


Hello, I was given a computer because it was slow and unused. I turned it on and it would take 10 minutes for all icons to become visible. It has Chrome loaded, and when I was waiting for everything to load, Task Manager showed 20 chrome.exe processes. I would like to give this to my daughter for her 1st computer.

 

Details are Windows 7 Enterprise

2 GB RAM

500 GB HDD


Edited by vanaya2002, 24 October 2014 - 03:04 PM.



#2
vanaya2002


Sorry... Here are the logs:

OTL logfile created on: 10/24/2014 2:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.46% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 82.01 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
PRC - [2014/09/12 13:14:56 | 004,812,048 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/11/27 10:21:36 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/09/04 19:16:46 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/01/06 21:56:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/08/24 07:28:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/21 21:27:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/20 19:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/20 19:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/14 10:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 20:31:36 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/21 22:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://www.search.as...earchTerms}=
IE - HKCU\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: RootsSearch = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolcffalbhpnojekmimmelebjchjmmgn\216\
CHR - Extension: Plurk Smile = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc\150\
CHR - Extension: Google Drive = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SaaVeNewaaAppzz = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealpkehiehmakajjiloflfgcgfolcbfh\5.5\
CHR - Extension: Facebook Invite Them All = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\jladghljinmlokelojmdmblikkifabea\187\
CHR - Extension: AllCheapPruiece = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\knaghkccffgjdehaejjikbcbkfbjfhda\5.2\
CHR - Extension: DigiSaverr = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncomdhjkceaccjbblmhcpknkoioglfaa\6.7\
CHR - Extension: Google Wallet = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Send Link by Email or Gmail = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf\172\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A942780-5EBF-47FA-97F6-12C98AB072B9}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3475DAB-42F8-4D87-926A-21588422BABC}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/09/19 20:14:40 | 000,506,686 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/05/20 22:48:52 | 000,554,584 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/23 22:04:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
[2014/10/23 21:40:10 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\backups
[2014/10/23 21:07:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/10/22 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/22 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/10/22 06:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/10/22 06:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/10/22 06:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/10/22 06:35:22 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2014/10/22 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EXsttraSSaavvingso
[2014/10/21 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/10/21 22:51:27 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/21 22:51:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/21 22:51:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/21 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExstraeSaviuNgs
[2014/10/21 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FFuaNDeals
[2014/10/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\DoewnSave
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/24 14:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/24 13:55:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/24 13:55:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/24 13:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/24 00:15:18 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC9C60EF-27E4-49AB-8545-D1CC1B5B5699}.job
[2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 22:03:36 | 000,659,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/23 22:03:36 | 000,125,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/23 21:55:48 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/23 21:55:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/23 21:55:05 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/23 21:10:56 | 000,380,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/23 21:07:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/10/23 21:07:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 21:01:38 | 000,903,612 | ---- | M] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | M] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/22 21:23:11 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:53:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/10/21 21:27:10 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/10/21 21:27:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/10/01 11:11:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/23 21:55:05 | 2138,497,024 | -HS- | C] () -- C:\hiberfil.sys
[2014/10/23 21:01:28 | 000,903,612 | ---- | C] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | C] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/10/22 22:36:10 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/21 22:53:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/10/21 22:52:56 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/25 19:41:02 | 000,141,197 | ---- | C] () -- C:\Windows\hpoins14.dat
[2013/12/15 13:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2013/10/12 03:21:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/10/12 03:21:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/07/18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/07/18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/11/10 20:18:10 | 000,003,584 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 18:28:32 | 000,000,680 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/01/06 21:51:43 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 02:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/29 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Hewlett Packard
[2013/02/11 10:06:47 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\InterVideo
[2014/01/03 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SampleView
[2013/11/01 04:50:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Samsung
[2013/11/06 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SendSpace
[2014/10/22 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/23 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
 
========== Purity Check ==========
 
 

< End of report >

 

OTL Extras logfile created on: 10/24/2014 2:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.46% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 82.01 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7060CBB7-DA25-4A9F-B7E0-1F78EDCE35EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043710F8-0376-45AA-938C-6D1811897BA5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{075E3233-64B1-4DF4-A979-7332F0B90CC0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
"{16391C2C-0DD6-4D76-B415-7508FEB990A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
"{32F30E12-03D7-40B6-B26E-908C335EE3C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D01F4718-A808-4415-BB12-778F73D962D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
"{F04E39C5-C3BB-43FE-B0B6-4820AFFDFB06}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08BFB912-8D71-4E29-9A80-18BFB385F19B}" = LeapFrog Connect
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{29FA9E38-7A6D-475E-8C15-15EE8BA9639E}" = ESU for Microsoft Vista
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C86D799-6203-4BE4-8175-126D69742F2F}" = Vista Default Settings
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 A3
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PCFriendly" = PCFriendly
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 9" = TeamViewer 9
"UPCShell" = LeapFrog Connect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/22/2014 11:27:29 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 174908
 
Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38869801
 
Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38869801
 
Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2653577
 
Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2653577
 
Error - 10/23/2014 10:11:53 PM | Computer Name = Schreierhous-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10/23/2014 10:28:25 PM | Computer Name = Schreierhous-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10/23/2014 10:43:28 PM | Computer Name = Schreierhous-PC | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 10/23/2014 10:28:00 PM | Computer Name = Schreierhous-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

 Feature:
 %%834     Error Code: 0x8007043c     Error description: This service cannot be started in
 Safe Mode      Reason: %%858
 
Error - 10/23/2014 10:28:18 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/23/2014 10:28:25 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/23/2014 10:28:33 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10/23/2014 10:43:32 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/23/2014 10:55:33 PM | Computer Name = Schreierhous-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10/23/2014 10:56:47 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7009
Description =
 
 
< End of report >



#3
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)



It's Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation, not Windows 7 Enterprise as you indicated.
  • First, since you're giving it to your daughter,
  • I would reinstall the Chrome browser from Here. That will fix anything that may be wrong with Chrome, and she can customize it to her liking. Much easier than troubleshooting the Chrome browser!
  • Internet Explorer seems to be out of date with IE 7, so
  • Download Internet Explorer 9, that's as high as you can go on Vista, from Here
Next

Run this fix in OTL to delete files
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O13 - gopher Prefix: missing
    [2014/10/22 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EXsttraSSaavvingso
    [2014/10/21 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExstraeSaviuNgs
    [2014/10/21 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FFuaNDeals
    [2014/10/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\DoewnSave
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    C:\ProgramData\EXsttraSSaavvingso
    C:\Program Files\ExstraeSaviuNgs
    C:\Program Files\FFuaNDeals
    C:\Program Files\DoewnSave
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:
  • The OTL Fix log, it will pop up on the desktop when fix is finished.
  • Post a new OTL Log after you reinstall Chrome and update Internet Explorer 7 to 9.
Thanks
Joe :)

#4
vanaya2002

    Member

  • Topic Starter
  • Member
  • 19 posts

Here are the logs respectively,

Error: Unable to interpret <OTL Extras logfile created on: 10/24/2014 2:11:53 PM - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop> in the current context!
Error: Unable to interpret <Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 7.0.6001.18000)> in the current context!
Error: Unable to interpret <Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.46% Memory free> in the current context!
Error: Unable to interpret <4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.53% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 140.53 Gb Total Space | 82.01 Gb Free Space | 58.36% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"cval" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret <"VistaSp1" = Reg Error: Unknown registry data type -- File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Open Ports Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret <"{7060CBB7-DA25-4A9F-B7E0-1F78EDCE35EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Application Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret <"{043710F8-0376-45AA-938C-6D1811897BA5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > in the current context!
Error: Unable to interpret <"{075E3233-64B1-4DF4-A979-7332F0B90CC0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | > in the current context!
Error: Unable to interpret <"{16391C2C-0DD6-4D76-B415-7508FEB990A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | > in the current context!
Error: Unable to interpret <"{32F30E12-03D7-40B6-B26E-908C335EE3C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > in the current context!
Error: Unable to interpret <"{D01F4718-A808-4415-BB12-778F73D962D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | > in the current context!
Error: Unable to interpret <"{F04E39C5-C3BB-43FE-B0B6-4820AFFDFB06}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools> in the current context!
Error: Unable to interpret <"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer> in the current context!
Error: Unable to interpret <"{08BFB912-8D71-4E29-9A80-18BFB385F19B}" = LeapFrog Connect> in the current context!
Error: Unable to interpret <"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data> in the current context!
Error: Unable to interpret <"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client> in the current context!
Error: Unable to interpret <"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp> in the current context!
Error: Unable to interpret <"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch> in the current context!
Error: Unable to interpret <"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy> in the current context!
Error: Unable to interpret <"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery> in the current context!
Error: Unable to interpret <"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library> in the current context!
Error: Unable to interpret <"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg> in the current context!
Error: Unable to interpret <"{29FA9E38-7A6D-475E-8C15-15EE8BA9639E}" = ESU for Microsoft Vista> in the current context!
Error: Unable to interpret <"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)> in the current context!
Error: Unable to interpret <"{2C86D799-6203-4BE4-8175-126D69742F2F}" = Vista Default Settings> in the current context!
Error: Unable to interpret <"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan> in the current context!
Error: Unable to interpret <"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 A3> in the current context!
Error: Unable to interpret <"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module> in the current context!
Error: Unable to interpret <"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD> in the current context!
Error: Unable to interpret <"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer> in the current context!
Error: Unable to interpret <"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing> in the current context!
Error: Unable to interpret <"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies> in the current context!
Error: Unable to interpret <"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour> in the current context!
Error: Unable to interpret <"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)> in the current context!
Error: Unable to interpret <"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport> in the current context!
Error: Unable to interpret <"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support> in the current context!
Error: Unable to interpret <"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check> in the current context!
Error: Unable to interpret <"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy> in the current context!
Error: Unable to interpret <"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites> in the current context!
Error: Unable to interpret <"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3> in the current context!
Error: Unable to interpret <"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library> in the current context!
Error: Unable to interpret <"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder> in the current context!
Error: Unable to interpret <"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = > in the current context!
Error: Unable to interpret <"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components> in the current context!
Error: Unable to interpret <"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder> in the current context!
Error: Unable to interpret <"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13> in the current context!
Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin> in the current context!
Error: Unable to interpret <"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies> in the current context!
Error: Unable to interpret <"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client> in the current context!
Error: Unable to interpret <"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour> in the current context!
Error: Unable to interpret <"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01> in the current context!
Error: Unable to interpret <"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01> in the current context!
Error: Unable to interpret <"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio> in the current context!
Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context!
Error: Unable to interpret <"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components> in the current context!
Error: Unable to interpret <"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007> in the current context!
Error: Unable to interpret <"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD> in the current context!
Error: Unable to interpret <"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update> in the current context!
Error: Unable to interpret <"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor> in the current context!
Error: Unable to interpret <"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help> in the current context!
Error: Unable to interpret <"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper> in the current context!
Error: Unable to interpret <"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components> in the current context!
Error: Unable to interpret <"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder> in the current context!
Error: Unable to interpret <"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8> in the current context!
Error: Unable to interpret <"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant> in the current context!
Error: Unable to interpret <"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan> in the current context!
Error: Unable to interpret <"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2> in the current context!
Error: Unable to interpret <"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd> in the current context!
Error: Unable to interpret <"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min> in the current context!
Error: Unable to interpret <"{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077> in the current context!
Error: Unable to interpret <"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend> in the current context!
Error: Unable to interpret <"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter> in the current context!
Error: Unable to interpret <"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9> in the current context!
Error: Unable to interpret <"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software> in the current context!
Error: Unable to interpret <"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones> in the current context!
Error: Unable to interpret <"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component> in the current context!
Error: Unable to interpret <"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant> in the current context!
Error: Unable to interpret <"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm> in the current context!
Error: Unable to interpret <"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext> in the current context!
Error: Unable to interpret <"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library> in the current context!
Error: Unable to interpret <"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer> in the current context!
Error: Unable to interpret <"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox> in the current context!
Error: Unable to interpret <"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager> in the current context!
Error: Unable to interpret <"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer> in the current context!
Error: Unable to interpret <"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE> in the current context!
Error: Unable to interpret <"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0> in the current context!
Error: Unable to interpret <"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status> in the current context!
Error: Unable to interpret <"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX> in the current context!
Error: Unable to interpret <"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter> in the current context!
Error: Unable to interpret <"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2> in the current context!
Error: Unable to interpret <"CNXT_AUDIO_HDA" = Conexant HD Audio> in the current context!
Error: Unable to interpret <"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP> in the current context!
Error: Unable to interpret <"Google Chrome" = Google Chrome> in the current context!
Error: Unable to interpret <"HDMI" = Intel® Graphics Media Accelerator Driver> in the current context!
Error: Unable to interpret <"HP Imaging Device Functions" = HP Imaging Device Functions 9.0> in the current context!
Error: Unable to interpret <"HP Photosmart Essential" = HP Photosmart Essential 2.01> in the current context!
Error: Unable to interpret <"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0> in the current context!
Error: Unable to interpret <"HPExtendedCapabilities" = HP Customer Participation Program 9.0> in the current context!
Error: Unable to interpret <"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies> in the current context!
Error: Unable to interpret <"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)> in the current context!
Error: Unable to interpret <"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"Microsoft Security Client" = Microsoft Security Essentials> in the current context!
Error: Unable to interpret <"Microsoft SQL Server 2005" = Microsoft SQL Server 2005> in the current context!
Error: Unable to interpret <"PCFriendly" = PCFriendly> in the current context!
Error: Unable to interpret <"PROHYBRIDR" = 2007 Microsoft Office system> in the current context!
Error: Unable to interpret <"PROSet" = Intel® Network Connections Drivers> in the current context!
Error: Unable to interpret <"Revo Uninstaller" = Revo Uninstaller 1.95> in the current context!
Error: Unable to interpret <"SynTPDeinstKey" = Synaptics Pointing Device Driver> in the current context!
Error: Unable to interpret <"TeamViewer 9" = TeamViewer 9> in the current context!
Error: Unable to interpret <"UPCShell" = LeapFrog Connect> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_CURRENT_USER Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"MyFreeCodec" = MyFreeCodec> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 20 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 10/22/2014 11:27:29 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 174908> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: Continuously busy for more than a second> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledEvent 38869801> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 6:54:06 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 38869801> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: Continuously busy for more than a second> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledEvent 2653577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 8:27:50 PM | Computer Name = Schreierhous-PC | Source = Bonjour Service | ID = 100> in the current context!
Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 2653577> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:11:53 PM | Computer Name = Schreierhous-PC | Source = EventSystem | ID = 4609> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:25 PM | Computer Name = Schreierhous-PC | Source = EventSystem | ID = 4609> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:43:28 PM | Computer Name = Schreierhous-PC | Source = System Restore | ID = 8193> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:00 PM | Computer Name = Schreierhous-PC | Source = Microsoft Antimalware | ID = 3002> in the current context!
Error: Unable to interpret <Description = %%860 Real-Time Protection feature has encountered an error and failed.> in the current context!
Error: Unable to interpret < Feature:> in the current context!
Error: Unable to interpret < %%834     Error Code: 0x8007043c     Error description: This service cannot be started in> in the current context!
Error: Unable to interpret < Safe Mode      Reason: %%858> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:18 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:25 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:33 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:28:46 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7026> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:43:32 PM | Computer Name = Schreierhous-PC | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:55:33 PM | Computer Name = Schreierhous-PC | Source = HTTP | ID = 15016> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10/23/2014 10:56:47 PM | Computer Name = Schreierhous-PC | Source = Service Control Manager | ID = 7009> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252014_103905
 

OTL logfile created on: 10/25/2014 11:57:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.53% Memory free
4.21 Gb Paging File | 2.82 Gb Available in Paging File | 66.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 84.73 Gb Free Space | 60.29% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
PRC - [2014/10/21 21:27:08 | 000,854,704 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/11/27 10:21:36 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/09/04 19:16:46 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/01/06 21:56:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/19 03:02:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2013/10/18 20:32:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2013/10/18 20:31:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013/10/18 20:31:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013/10/18 20:30:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013/10/18 20:28:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2007/11/05 00:41:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2007/08/24 07:28:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/21 21:27:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/20 19:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/20 19:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/14 10:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 20:31:36 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/21 22:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://www.search.as...earchTerms}=
IE - HKCU\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A942780-5EBF-47FA-97F6-12C98AB072B9}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3475DAB-42F8-4D87-926A-21588422BABC}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/09/19 20:14:40 | 000,506,686 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/05/20 22:48:52 | 000,554,584 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/25 10:39:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/24 22:31:43 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Local\Seven Zip
[2014/10/24 22:29:50 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\Antivirus Tools
[2014/10/24 22:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/23 22:04:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
[2014/10/23 21:40:10 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\backups
[2014/10/23 21:07:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/10/22 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/22 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/10/22 06:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/10/22 06:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/10/22 06:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/10/22 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EXsttraSSaavvingso
[2014/10/21 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/10/21 22:51:27 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/21 22:51:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/21 22:51:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/21 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExstraeSaviuNgs
[2014/10/21 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FFuaNDeals
[2014/10/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\DoewnSave
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/25 12:01:05 | 000,612,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/25 12:01:05 | 000,107,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/25 11:53:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/25 11:53:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 11:53:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 11:52:54 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/25 11:52:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/25 11:52:09 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/25 11:51:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/10/25 11:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/25 11:13:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/25 10:36:38 | 000,001,995 | ---- | M] () -- C:\Users\Schreier house\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/25 10:36:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/25 01:11:16 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC9C60EF-27E4-49AB-8545-D1CC1B5B5699}.job
[2014/10/24 22:51:43 | 000,000,543 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:07:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 21:01:38 | 000,903,612 | ---- | M] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | M] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/22 21:23:11 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:53:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/10/01 11:11:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/23 21:55:05 | 2138,497,024 | -HS- | C] () -- C:\hiberfil.sys
[2014/10/23 21:01:28 | 000,903,612 | ---- | C] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | C] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/10/22 22:36:10 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/21 22:53:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/10/21 22:52:56 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/25 19:41:02 | 000,141,197 | ---- | C] () -- C:\Windows\hpoins14.dat
[2013/12/15 13:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2013/10/12 03:21:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/10/12 03:21:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/07/18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/07/18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/11/10 20:18:10 | 000,003,584 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 18:28:32 | 000,000,680 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/01/06 21:51:43 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 02:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/29 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Hewlett Packard
[2013/02/11 10:06:47 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\InterVideo
[2014/01/03 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SampleView
[2013/11/01 04:50:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Samsung
[2013/11/06 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SendSpace
[2014/10/22 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/23 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
 
========== Purity Check ==========
 
 

< End of report >



#5
zep516


    Trusted Helper

  • Malware Removal
  • 8,085 posts
Hello,

There's an error in the fix. Looks like you may have copied the wrong data into the custom scans box; just copy and paste what's in the code box in post #3. Looks like you pasted the entire log into the custom scans box in OTL. No problem, happens all the time. Try the fix again in post 3.

Thanks
Joe :)

#6
vanaya2002


    Member

  • Topic Starter
  • 19 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <:OTLO13 - gopher Prefix: missing[2014/10/22 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EXsttraSSaavvingso> in the current context!
Error: Unable to interpret <[2014/10/21 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExstraeSaviuNgs[2014/10/21 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FFuaNDeals> in the current context!
Error: Unable to interpret <[2014/10/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\DoewnSave[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <:Filesipconfig /flushdns /cC:\ProgramData\EXsttraSSaavvingsoC:\Program Files\ExstraeSaviuNgsC:\Program Files\FFuaNDealsC:\Program Files\DoewnSave:Commands> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[resethosts]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252014_190022

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

OTL logfile created on: 10/25/2014 7:06:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.74% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 84.86 Gb Free Space | 60.39% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
PRC - [2014/10/21 21:27:08 | 000,854,704 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/11/27 10:21:36 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/09/04 19:16:46 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/01/06 21:56:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/18 20:31:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013/10/18 20:31:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013/10/18 20:30:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013/10/18 20:28:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2007/08/24 07:28:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/21 21:27:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/20 19:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/20 19:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/14 10:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 20:31:36 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/21 22:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://www.search.as...earchTerms}=
IE - HKCU\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A942780-5EBF-47FA-97F6-12C98AB072B9}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3475DAB-42F8-4D87-926A-21588422BABC}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/09/19 20:14:40 | 000,506,686 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/05/20 22:48:52 | 000,554,584 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/25 10:39:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/24 22:31:43 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Local\Seven Zip
[2014/10/24 22:29:50 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\Antivirus Tools
[2014/10/24 22:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/23 22:04:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
[2014/10/23 21:40:10 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\backups
[2014/10/23 21:07:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/10/22 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/22 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/10/22 06:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/10/22 06:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/10/22 06:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/10/22 06:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EXsttraSSaavvingso
[2014/10/21 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/10/21 22:51:27 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/21 22:51:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/21 22:51:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/21 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExstraeSaviuNgs
[2014/10/21 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FFuaNDeals
[2014/10/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\DoewnSave
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/25 19:02:38 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/25 19:02:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 19:02:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 19:02:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/25 19:01:52 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/25 19:00:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/10/25 17:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/25 17:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/25 12:01:05 | 000,612,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/25 12:01:05 | 000,107,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/25 11:52:54 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/25 10:36:38 | 000,001,995 | ---- | M] () -- C:\Users\Schreier house\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/25 10:36:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/25 01:11:16 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC9C60EF-27E4-49AB-8545-D1CC1B5B5699}.job
[2014/10/24 22:51:43 | 000,000,543 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:07:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 21:01:38 | 000,903,612 | ---- | M] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | M] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/22 21:23:11 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:53:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/10/01 11:11:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/23 21:55:05 | 2138,497,024 | -HS- | C] () -- C:\hiberfil.sys
[2014/10/23 21:01:28 | 000,903,612 | ---- | C] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | C] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/10/22 22:36:10 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/21 22:53:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/10/21 22:52:56 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/25 19:41:02 | 000,141,197 | ---- | C] () -- C:\Windows\hpoins14.dat
[2013/12/15 13:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2013/10/12 03:21:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/10/12 03:21:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/07/18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/07/18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/11/10 20:18:10 | 000,003,584 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 18:28:32 | 000,000,680 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/01/06 21:51:43 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 02:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/29 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Hewlett Packard
[2013/02/11 10:06:47 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\InterVideo
[2014/01/03 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SampleView
[2013/11/01 04:50:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Samsung
[2013/11/06 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SendSpace
[2014/10/22 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/23 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
 
========== Purity Check ==========
 
 

< End of report >



#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Try that fix one more time, I also made an adjustment to it. This has not been a good night for me :)

Joe

#8
vanaya2002

    Member

  • Topic Starter
  • Member
  • 19 posts

But mucho good for me. I am working on the IE9, but I got an error stating I need to update service packs first. So I am continuing on both fronts.



#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
OK,

Focus on the service pack install, I missed that one. I don't want to do anything else until that is successfully installed.

If any help is needed for that see Here

Joe

#10
vanaya2002

    Member

  • Topic Starter
  • Member
  • 19 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\ProgramData\EXsttraSSaavvingso folder moved successfully.
C:\Program Files\ExstraeSaviuNgs folder moved successfully.
C:\Program Files\FFuaNDeals folder moved successfully.
C:\Program Files\DoewnSave folder moved successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla1.exe deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla10.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla11.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla12.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla2.exe deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla4.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla5.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla6.exe deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla7.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla8.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseCustomCalla9.dll deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP\WiseData.ini deleted successfully.
C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Schreier house\Desktop\cmd.bat deleted successfully.
C:\Users\Schreier house\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\EXsttraSSaavvingso not found.
File\Folder C:\Program Files\ExstraeSaviuNgs not found.
File\Folder C:\Program Files\FFuaNDeals not found.
File\Folder C:\Program Files\DoewnSave not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Schreier house
->Temp folder emptied: 1876130582 bytes
->Temporary Internet Files folder emptied: 122410146 bytes
->Java cache emptied: 7961683 bytes
->Google Chrome cache emptied: 11209991 bytes
->Flash cache emptied: 8238556 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53622343 bytes
RecycleBin emptied: 471455319 bytes
 
Total Files Cleaned = 2,433.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252014_195903

Files\Folders moved on Reboot...
File\Folder C:\Users\Schreier house\AppData\Local\Temp\Low\~DF2B41.tmp not found!
File\Folder C:\Users\Schreier house\AppData\Local\Temp\Low\~DF2B96.tmp not found!
C:\Users\Schreier house\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FCVVMCRY\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\Schreier house\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FCVVMCRY\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.
C:\Users\Schreier house\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QX76EUX\344457-chrome-slowness-and-multiple-windows[1].htm moved successfully.
C:\Users\Schreier house\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Schreier house\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

OTL logfile created on: 10/25/2014 8:07:34 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schreier house\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.73% Memory free
4.21 Gb Paging File | 3.43 Gb Available in Paging File | 81.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 86.24 Gb Free Space | 61.37% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.76 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive F: | 321.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SCHREIERHOUS-PC | User Name: Schreier house | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/11/27 10:21:36 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/09/04 19:16:46 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/01/06 21:56:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/18 20:31:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013/10/18 20:31:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013/10/18 20:30:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013/10/18 20:28:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2007/08/24 07:28:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/21 21:27:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/11/27 10:12:02 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/20 19:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/20 19:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/14 10:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 20:31:36 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/21 22:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://www.search.as...earchTerms}=
IE - HKCU\..\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/10/25 20:03:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A942780-5EBF-47FA-97F6-12C98AB072B9}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3475DAB-42F8-4D87-926A-21588422BABC}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/09/19 20:14:40 | 000,506,686 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{70337269-4ef0-11e3-9ec1-001b38e9f89d}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7bb3e4-327e-11e1-a83d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/05/20 22:48:52 | 000,554,584 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0efaca9-e1a5-11e2-92c1-001b38e9f89d}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/25 10:39:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/24 22:31:43 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Local\Seven Zip
[2014/10/24 22:29:50 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\Antivirus Tools
[2014/10/24 22:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/23 22:04:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
[2014/10/23 21:40:10 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\Desktop\backups
[2014/10/23 21:07:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/10/23 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/10/22 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/22 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/10/22 06:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/10/22 06:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/10/22 06:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/10/21 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/10/21 22:51:27 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/21 22:51:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/21 22:51:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/21 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/25 20:05:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/25 20:05:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 20:05:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 20:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/25 20:04:45 | 2136,424,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/25 20:03:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/10/25 20:03:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/10/25 19:33:45 | 000,612,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/25 19:33:45 | 000,107,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/25 19:21:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/25 19:13:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/25 11:52:54 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/25 10:36:38 | 000,001,995 | ---- | M] () -- C:\Users\Schreier house\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/25 10:36:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/25 01:11:16 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC9C60EF-27E4-49AB-8545-D1CC1B5B5699}.job
[2014/10/24 22:51:43 | 000,000,543 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2014/10/23 22:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schreier house\Desktop\OTL.exe
[2014/10/23 21:07:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Schreier house\Desktop\HijackThis.exe
[2014/10/23 21:01:38 | 000,903,612 | ---- | M] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | M] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | M] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/22 21:23:11 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/21 22:53:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/10/01 11:11:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/10/25 19:25:57 | 2136,424,448 | -HS- | C] () -- C:\hiberfil.sys
[2014/10/23 21:01:28 | 000,903,612 | ---- | C] () -- C:\Users\Schreier house\Desktop\OTL Tutorial - How to use OldTimer ListIt - Malware Removal Guides and Tutorials.mht
[2014/10/23 20:43:44 | 000,001,057 | ---- | C] () -- C:\Users\Schreier house\Desktop\Revo Uninstaller.lnk
[2014/10/23 18:04:22 | 000,085,691 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\census.cache
[2014/10/23 18:04:19 | 000,162,987 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\ars.cache
[2014/10/23 17:59:47 | 000,000,010 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\sponge.last.runtime.cache
[2014/10/22 22:36:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/10/22 22:36:10 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/10/22 22:09:21 | 000,000,036 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\housecall.guid.cache
[2014/10/21 22:53:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/10/21 22:52:56 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/05/25 19:41:02 | 000,141,197 | ---- | C] () -- C:\Windows\hpoins14.dat
[2013/12/15 13:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2013/10/12 03:21:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/10/12 03:21:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/07/18 14:32:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/07/18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/07/18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/07/18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/07/18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/11/10 20:18:10 | 000,003,584 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 18:28:32 | 000,000,680 | ---- | C] () -- C:\Users\Schreier house\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/01/06 21:51:43 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 02:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/29 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Hewlett Packard
[2013/02/11 10:06:47 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\InterVideo
[2014/01/03 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SampleView
[2013/11/01 04:50:11 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\Samsung
[2013/11/06 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\SendSpace
[2014/10/22 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\TeamViewer
[2014/10/23 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Schreier house\AppData\Roaming\VSRevoGroup
 
========== Purity Check ==========
 
 

< End of report >




#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Let's check for adware.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Your next reply should include:
    • The AdwCleaner log report after you run the "Clean" option
    • The Junkware Removal Tool log, called JRT.TXT
    Thanks
    Joe :)


#12
vanaya2002

    Member

  • Topic Starter
  • Member
  • 19 posts

# AdwCleaner v4.001 - Report created 26/10/2014 at 10:50:47
# DB v2014-10-26.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Schreier house - SCHREIERHOUS-PC
# Running from : C:\Users\Schreier house\Desktop\Antivirus Tools\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Schreier house\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Schreier house\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Schreier house\AppData\Roaming\SendSpace
Folder Deleted : C:\Program Files\ss helper
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\DoewnSave
Folder Deleted : C:\ProgramData\ExstraeSaviuNgs
Folder Deleted : C:\ProgramData\FFuaNDeals
Folder Deleted : C:\ProgramData\saurfa and keEep
Folder Deleted : C:\Program Files\saurfa and keEep
File Deleted : C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Schreier house\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunDEalls.FunDEalls
Key Deleted : HKLM\SOFTWARE\Classes\FunDEalls.FunDEalls.2.2
Key Deleted : HKLM\SOFTWARE\Classes\RegularDEals.RegularDEals
Key Deleted : HKLM\SOFTWARE\Classes\RegularDEals.RegularDEals.7.2
Key Deleted : HKLM\SOFTWARE\Classes\ExstraSaavings.ExstraSaavings
Key Deleted : HKLM\SOFTWARE\Classes\ExstraSaavings.ExstraSaavings.4.2
Key Deleted : HKLM\SOFTWARE\Classes\DowwnSAve.DowwnSAve
Key Deleted : HKLM\SOFTWARE\Classes\DowwnSAve.DowwnSAve.5.2
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09A01E16-4D7F-9A3A-574D-605B0912C468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6602101F-E937-0D35-D797-C310A5D31682}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75E25AD6-E1AC-95AE-CFDE-9B2C9C21CB68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC8FE396-9381-DB94-4EFB-51CE20F23397}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09A01E16-4D7F-9A3A-574D-605B0912C468}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6602101F-E937-0D35-D797-C310A5D31682}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75E25AD6-E1AC-95AE-CFDE-9B2C9C21CB68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC8FE396-9381-DB94-4EFB-51CE20F23397}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{09A01E16-4D7F-9A3A-574D-605B0912C468}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6602101F-E937-0D35-D797-C310A5D31682}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75E25AD6-E1AC-95AE-CFDE-9B2C9C21CB68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC8FE396-9381-DB94-4EFB-51CE20F23397}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584

-\\ Google Chrome v38.0.2125.104

*************************

AdwCleaner[R0].txt - [5332 octets] - [26/10/2014 10:26:32]
AdwCleaner[R1].txt - [5392 octets] - [26/10/2014 10:48:42]
AdwCleaner[S0].txt - [5345 octets] - [26/10/2014 10:50:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5405 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows Vista ™ Business x86
Ran by Schreier house on Sun 10/26/2014 at 10:54:15.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4F949AD3-F30C-4993-8BC0-CC196FDF1C85}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/26/2014 at 10:56:25.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Very good.

I see Service Pack 2 is also installed :)

Let's look at another scan to see if it shows anything.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Thanks
Joe :)

#14
vanaya2002

    Member

  • Topic Starter
  • Member
  • 19 posts

Yes, I had to try a few different fixes to get it installed. Can you tell what I was infected with?



#15
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Just adware, nothing serious. Let's look at those other logs; we are going to check everything before I let you go.

Joe