#1
NO Audio and no system restore
Directed here by AnnMarie. See my thread in Windows 7 forum titled 'No Audio from speakers or phone jack'
AnnMarie helped me over about a week's time trying to solve the problem of no Audio. Nothing worked including re-loading drivers and ChkDsk. System restore won't run previous restore points and I receive this message when trying it. "System Restore did not complete successfully. Your computer's system files and settings were not changed. Details: System Restore failed while mounting the registry from the restore point. An unspecified error occurred during System Restore. (0x800703f1) You can try System Restore again and choose a different restore point. If you continue to see this error, you can try an advanced recovery method..."

Also, I was using Microsoft Security Essentials and every time I tried to update definitions, it would error. The last successful update was June 19th around the time I lost my Audio. I de-installed Security Essentials, but I could not re-install it so I went to AVG which installed and ran a complete scan and found no errors. Also, Windows Defender found no errors. I ran AVG rootkit scan and their one time free registry scanner and no errors were reported. So, could this mean I have malware?

Thanks Team
#2
Hello DLG7,
Let's take a look. The system is Windows 7, so when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool. And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR (511KB) to your desktop.

A lot, but comprehensive, and will make sure we get a good view of everything.
#3
Tom,
I am interested in doing this, but I will have to wait for Sunday night or Monday night, then I will post the results. Thanks
#5
NO Audio and no system restore
OK Jintan, sorry for the delay in running these scans. I ran the programs you suggested but the reports are too long, so I will have to post them in multiple replies.
Thanks Again, DLG7
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP TouchSmart DVD "InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video "IrfanView" = IrfanView (remove only) "Kobo" = Kobo "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "My HP Game Console" = HP Game Console "PDF Complete" = PDF Complete Special Edition "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT087317" = Airport Mania "WT087318" = Ancient Hearts "WT087319" = Azteca "WT087329" = Bob the Builder Can-Do-Zoo "WT087330" = Bounce Symphony "WT087342" = Dora's Carnival Adventure "WT087343" = Dora's World Adventure "WT087361" = FATE "WT087379" = Jewel Quest Solitaire 2 "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087408" = Skip-Bo - Castaway Caper "WT087416" = Where's Waldo The Fantastic Journey "WT087428" = Bejeweled 2 Deluxe "WT087433" = Build-a-lot "WT087453" = Chuzzle Deluxe "WT087472" = Gem Shop "WT087501" = Plants vs. 
Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "ZinioReader4.9310D8F796442B71068C511E15D70529A702 D19D.1" = Zinio Reader 4 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/25/2012 3:46:10 AM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7551 Error - 6/25/2012 3:46:10 AM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7551 Error - 6/25/2012 8:09:05 AM | Computer Name = Charlies-HP | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BU ILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. 
Error - 6/25/2012 11:10:44 AM | Computer Name = Charlies-HP | Source = Application Error | ID = 1000 Description = Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9 Faulting module name: SFSAPO64.dll, version: 2.0.0.12, time stamp: 0x4b919e32 Exception code: 0xc0000005 Fault offset: 0x0000000000005746 Faulting process id: 0x4a0 Faulting application start time: 0x01cd52e4aa0808c6 Faulting application path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\system32\SFSAPO64.dll Report Id: ef24e421-bed7-11e1-935f-c80aa9fd1ea4 Error - 6/25/2012 11:07:12 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/25/2012 11:07:12 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1108 Error - 6/25/2012 11:07:12 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1108 Error - 6/25/2012 11:07:13 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/25/2012 11:07:13 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2106 Error - 6/25/2012 11:07:13 PM | Computer Name = Charlies-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2106 [ Hewlett-Packard Events ] Error - 4/21/2012 8:34:41 AM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204210834. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 4/28/2012 9:33:38 AM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204280933. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 5/5/2012 6:41:29 PM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205051841. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 5/6/2012 6:33:40 AM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205060633. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 5/12/2012 6:09:12 PM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205121809. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 5/19/2012 1:46:46 PM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205191346. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 5/26/2012 9:33:01 AM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205260933. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 6/2/2012 3:48:35 PM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = Error - 6/2/2012 3:49:27 PM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201206021549. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() Error - 6/6/2012 6:41:15 AM | Computer Name = Charlies-HP | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201206060641. xml'. 
mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSa veSession() [ OSession Events ] Error - 1/8/2012 1:55:03 PM | Computer Name = Charlies-HP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 6/29/2012 9:55:47 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 9:55:49 AM | Computer Name = Charlies-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.718.0). 
Error - 6/29/2012 10:09:30 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 10:09:30 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 10:09:30 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 10:09:37 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 10:09:37 AM | Computer Name = Charlies-HP | Source = Microsoft Antimalware | ID = 2001 Description = Error - 6/29/2012 10:09:44 AM | Computer Name = Charlies-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.718.0). Error - 6/29/2012 10:18:26 AM | Computer Name = Charlies-HP | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 6/29/2012 10:18:37 AM | Computer Name = Charlies-HP | Source = Microsoft-Windows-TaskScheduler | ID = 701 Description = Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942405. < End of report > |
#6
NO Audio and no system restore, scan results continued
OTL logfile created on: 7/2/2012 8:18:46 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Charlies\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.15% Memory free 7.50 Gb Paging File | 5.75 Gb Available in Paging File | 76.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683.81 Gb Total Space | 593.77 Gb Free Space | 86.83% Space Free | Partition Type: NTFS Drive D: | 14.73 Gb Total Space | 1.83 Gb Free Space | 12.44% Space Free | Partition Type: NTFS Computer Name: CHARLIES-HP | User Name: Charlies | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/02 20:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe PRC - [2012/06/30 15:35:12 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012/06/30 15:35:11 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/06 00:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) 
-- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2010/07/14 11:29:24 | 000,026,168 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSy ncCalReminderApp.exe PRC - [2010/07/14 11:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e PRC - [2010/07/02 14:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe PRC - [2010/06/23 15:09:52 | 000,432,752 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe PRC - [2010/06/23 15:09:36 | 000,125,552 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010/06/18 17:30:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe PRC - [2010/04/16 18:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) 
-- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/06/30 15:35:13 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012/06/30 15:35:11 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012/06/15 03:29:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\e717a230496832656b05b515eb9f3bc5 \PresentationFramework.ni.dll MOD - [2012/06/15 03:29:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\7b7fbe651c6e72f12099a298654c9594 \System.Windows.Forms.ni.dll MOD - [2012/06/15 03:29:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\Syste m.Drawing.ni.dll MOD - [2012/06/15 03:29:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCore\14a87218ea49639f38097e278b98a3da\Pre sentationCore.ni.dll MOD - [2012/06/15 03:19:35 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Rea chFramework\442af6f7c8b447bdec3ad8d23da89c5a\Reach Framework.ni.dll MOD - [2012/06/15 03:09:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\e7dc084827f8df2dbdc819db5c633a0d\Pre sentationCore.ni.dll MOD - [2012/06/15 03:09:00 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys 
tem.Windows.Forms\3971e166cf827b6726e142f344061dc9 \System.Windows.Forms.ni.dll MOD - [2012/06/15 03:08:55 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\21f37f9f5162af7efb52169012bd111e\WindowsB ase.ni.dll MOD - [2012/06/15 03:08:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\8c40f40ef36622109793788049fbe9ab\Syste m.Drawing.ni.dll MOD - [2012/05/11 03:39:13 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\Sy stem.Management.ni.dll MOD - [2012/05/11 03:37:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\8e56489276063ededde74e597a121df3 \PresentationFramework.Aero.ni.dll MOD - [2012/05/11 03:36:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c \System.Runtime.Remoting.ni.dll MOD - [2012/05/11 03:36:56 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Data\f3814b488d9e083cbbc623e01b389f09\System.D ata.ni.dll MOD - [2012/05/11 03:36:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Win dowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsB ase.ni.dll MOD - [2012/05/11 03:36:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xm l.ni.dll MOD - [2012/05/11 03:36:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d \System.Configuration.ni.dll MOD - [2012/05/11 03:36:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 03:36:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc 
orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll MOD - [2012/05/11 03:23:07 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e \System.IdentityModel.ni.dll MOD - [2012/05/11 03:23:06 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\ System.ServiceModel.ni.dll MOD - [2012/05/11 03:21:31 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c \System.Runtime.DurableInstancing.ni.dll MOD - [2012/05/11 03:21:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e \System.Runtime.Serialization.ni.dll MOD - [2012/05/11 03:21:30 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMD iagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiag nostics.ni.dll MOD - [2012/05/11 03:06:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\d1f299160424bad90fe9f658661389e2\System.Xm l.ni.dll MOD - [2012/05/11 03:06:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\623d2a0f11dd82bb9bc13d1cb981b239 \System.Configuration.ni.dll MOD - [2012/05/11 03:06:34 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\ed91b57205429a23bb91f4499059a459\System.C ore.ni.dll MOD - [2012/05/11 03:06:20 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/05/11 03:06:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni .dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll MOD - [2010/10/19 22:34:13 | 000,122,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibra ry\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibra ry.dll MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Exce ptionHandling.Logging.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/12/06 00:34:36 | 006,378,128 | R--- | M] (Carbonite, Inc. 
(www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/11/17 07:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/06/30 15:35:12 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012/06/18 06:31:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2010/07/14 11:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e -- (CalendarSynchService) SRV - [2010/06/23 15:09:36 | 000,125,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service) SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/04/16 18:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010/07/13 20:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2010/06/18 17:31:30 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/05/03 18:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/12/19 00:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{2A6B902E-18FD-4C5B-B535-3824F4487875}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2CB65099-F8C9-411A-989C-1588C5505FD8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{5FB9EC16-4E4F-4A94-84F0-7C2460F738F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{F72E916A-E188-48B8-8A02-CB849A02A7FF}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = 
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^CD^xdm264^S01786^us&si=7967&ptb=2 4C92B53-5B69-405F-A9B7-5DC701CFF625&ind=2012062321&n=77eda271&psa=&st=sb& searchfor={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {A17428F9-E711-408B-B54C-7345014F30A1} IE - HKCU\..\SearchScopes\{2A6B902E-18FD-4C5B-B535-3824F4487875}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE - HKCU\..\SearchScopes\{2CB65099-F8C9-411A-989C-1588C5505FD8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKCU\..\SearchScopes\{5FB9EC16-4E4F-4A94-84F0-7C2460F738F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B924668D-1798-4B35-A1E6-4B8A99AE6998}&mid=7fc32f45f40c47d08c981943ef19f757-429095f078670472d66d0e23af04a2b1259b24d1&lang=en&d s=AVG&pr=pr&d=2012-06-29 10:28:54&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A17428F9-E711-408B-B54C-7345014F30A1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:{language}:{referrer:source}&ie={inputEncoding 
?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS466 IE - HKCU\..\SearchScopes\{F72E916A-E188-48B8-8A02-CB849A02A7FF}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B3b0a6221-4c56-4f39-82c3-4e2f24ea7309%7D&mid=7fc32f45f40c47d08c981943ef19f7 57-429095f078670472d66d0e23af04a2b1259b24d1&ds=AVG&v= 11.1.0.7&lang=en&pr=pr&d=2012-06-29%2010%3A28%3A54&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/10/19 22:41:25 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dl l () FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic .com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB. dll (TelevisionFanatic) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/10/19 22:41:25 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/29 10:29:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/30 15:35:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 06:31:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 06:31:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 13:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlies\AppData\Roaming\Mozilla\Extensio ns [2012/06/23 10:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\extensions [2012/06/20 15:10:55 | 000,009,613 | ---- | M] () -- C:\Users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\searchplugins\my-web-search.xml [2012/04/26 06:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/30 15:35:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012/06/18 06:31:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/30 15:35:11 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/17 07:29:59 | 000,002,252 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\bing.xml [2012/02/17 07:29:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - Startup: C:\Users\Charlies\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{05605ECB-4734-4BBC-8CB7-F5BCD0381F0D}: DhcpNameServer = 172.27.35.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{79C6089E-D14F-478E-94BA-5E74F88E06C1}: DhcpNameServer = 172.27.35.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{41afb87b-b6bb-11e1-9d40-c80aa9fd1ea4}\Shell - "" = AutoRun O33 - MountPoints2\{41afb87b-b6bb-11e1-9d40-c80aa9fd1ea4}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/02 20:10:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe [2012/06/30 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\AVG Secure Search [2012/06/30 15:35:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache [2012/06/30 07:40:08 | 000,000,000 | ---D | C] -- C:\Users\Charlies\Desktop\2012_06_30 [2012/06/30 07:35:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2012/06/29 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\AVG [2012/06/29 11:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 [2012/06/29 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\AVG2012 [2012/06/29 10:29:17 | 000,000,000 
| ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012/06/29 10:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/06/29 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/06/29 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/06/29 10:27:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/06/29 10:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/06/29 10:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012/06/29 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/06/29 10:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/06/29 10:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/06/29 10:16:38 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\HuluDesktop [2012/06/26 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [2012/06/26 21:50:53 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012/06/26 07:38:22 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\WinBatch [2012/06/26 07:37:46 | 035,333,144 | ---- | C] (Hewlett-Packard Development Company, L.P. 
) -- C:\Users\Charlies\Desktop\sp46471.exe [2012/06/23 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\ElevatedDiagnostic s [2012/06/19 07:07:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/19 07:07:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/19 07:07:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/19 07:06:57 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/06/19 07:06:57 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/06/19 07:06:57 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/06/19 07:06:43 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/19 07:06:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/18 09:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponAlert_2pEI [2012/06/15 16:55:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/15 16:55:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/15 16:55:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/15 03:00:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/15 03:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/15 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/15 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/15 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/15 03:00:55 | 000,176,640 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\ieui.dll [2012/06/15 03:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/15 03:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/15 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/15 03:00:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/15 03:00:52 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/15 03:00:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/15 03:00:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/14 21:26:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/14 21:26:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/14 21:26:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe ========== Files - Modified Within 30 Days ========== [2012/07/02 20:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe [2012/07/02 19:55:31 | 000,000,834 | ---- | M] () -- C:\Users\Charlies\Desktop\CEF Newsletter reply.rtf [2012/07/02 19:52:48 | 100,961,505 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/07/02 19:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/30 22:06:25 | 000,018,661 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/30 07:36:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 07:36:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 07:33:41 | 000,778,834 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012/06/30 07:33:41 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/30 07:33:41 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/30 07:27:40 | 3019,345,920 | -HS- | M] () -- C:\hiberfil.sys [2012/06/29 11:31:30 | 000,001,136 | ---- | M] () -- C:\Users\Charlies\Desktop\AVG PC Tuneup 2011.lnk [2012/06/29 10:29:17 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/29 10:27:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/06/29 10:27:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/06/29 10:23:12 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/06/28 19:55:39 | 000,007,118 | ---- | M] () -- C:\Users\Charlies\Documents\winnit.rtf [2012/06/28 19:38:37 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/06/27 21:44:54 | 000,007,601 | ---- | M] () -- C:\Users\Charlies\AppData\Local\Resmon.ResmonCfg [2012/06/27 16:41:44 | 000,025,049 | ---- | M] () -- C:\Users\Charlies\Desktop\System restore message.jpg [2012/06/26 07:38:00 | 035,333,144 | ---- | M] (Hewlett-Packard Development Company, L.P. 
) -- C:\Users\Charlies\Desktop\sp46471.exe [2012/06/23 18:52:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/23 16:54:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/15 09:35:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _09_00.Wdf [2012/06/15 03:26:20 | 000,354,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/07/02 19:55:31 | 000,000,834 | ---- | C] () -- C:\Users\Charlies\Desktop\CEF Newsletter reply.rtf [2012/07/02 19:52:48 | 100,961,505 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/06/30 22:06:25 | 000,018,661 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/29 11:31:30 | 000,001,136 | ---- | C] () -- C:\Users\Charlies\Desktop\AVG PC Tuneup 2011.lnk [2012/06/29 10:29:17 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/29 10:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/06/29 10:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/06/28 19:55:39 | 000,007,118 | ---- | C] () -- C:\Users\Charlies\Documents\winnit.rtf [2012/06/28 19:38:37 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012/06/27 21:37:32 | 000,007,601 | ---- | C] () -- C:\Users\Charlies\AppData\Local\Resmon.ResmonCfg [2012/06/27 16:41:44 | 000,025,049 | ---- | C] () -- C:\Users\Charlies\Desktop\System restore message.jpg [2012/06/15 09:35:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _09_00.Wdf [2012/04/16 23:19:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/03/13 16:33:25 | 000,000,460 | ---- | C] () -- C:\Users\Charlies\AppData\Roaming\wklnhst.dat [2012/02/04 13:12:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/01/08 22:46:48 | 000,393,256 | ---- | C] () -- 
C:\Windows\SysWow64\CNQ2414N.DAT
[2010/10/19 23:15:13 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/19 22:25:13 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/19 22:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
#7
NO Audio and no system restore, scan results continued
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-05 19:41:33
-----------------------------
19:41:33.938 OS Version: Windows x64 6.1.7601 Service Pack 1
19:41:33.938 Number of processors: 2 586 0x603
19:41:33.939 ComputerName: CHARLIES-HP UserName: Charlies
19:41:35.953 Initialize success
19:42:53.168 AVAST engine defs: 12070501
19:42:58.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
19:42:58.356 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
19:42:58.370 Disk 0 MBR read successfully
19:42:58.372 Disk 0 MBR scan
19:42:58.376 Disk 0 unknown MBR code
19:42:58.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:42:58.387 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700216 MB offset 206848
19:42:58.410 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15085 MB offset 1434249985
19:42:58.449 Disk 0 scanning C:\Windows\system32\drivers
19:43:07.802 Service scanning
19:43:26.051 Modules scanning
19:43:26.057 Disk 0 trace - called modules:
19:43:26.066 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
19:43:26.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048b4640]
19:43:26.075 3 CLASSPNP.SYS[fffff880019b443f] -> nt!IofCallDriver -> [0xfffffa800479c040]
19:43:26.079 5 amdxata.sys[fffff880010e87a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80047987e0]
19:43:29.078 AVAST engine scan C:\Windows
19:43:32.625 AVAST engine scan C:\Windows\system32
19:46:53.325 AVAST engine scan C:\Windows\system32\drivers
19:47:09.176 AVAST engine scan C:\Users\Charlies
19:57:57.946 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat"
19:57:57.952 The log file has been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt"

OTL logfile created on: 7/2/2012 8:18:46 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Charlies\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU |
Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.15% Memory free 7.50 Gb Paging File | 5.75 Gb Available in Paging File | 76.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683.81 Gb Total Space | 593.77 Gb Free Space | 86.83% Space Free | Partition Type: NTFS Drive D: | 14.73 Gb Total Space | 1.83 Gb Free Space | 12.44% Space Free | Partition Type: NTFS Computer Name: CHARLIES-HP | User Name: Charlies | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/02 20:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe PRC - [2012/06/30 15:35:12 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012/06/30 15:35:11 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/06 00:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2010/07/14 11:29:24 | 000,026,168 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSy ncCalReminderApp.exe PRC - [2010/07/14 11:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e PRC - [2010/07/02 14:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe PRC - [2010/06/23 15:09:52 | 000,432,752 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe PRC - [2010/06/23 15:09:36 | 000,125,552 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010/06/18 17:30:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe PRC - [2010/04/16 18:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/06/30 15:35:13 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012/06/30 15:35:11 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012/06/15 03:29:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\e717a230496832656b05b515eb9f3bc5 \PresentationFramework.ni.dll MOD - [2012/06/15 03:29:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\7b7fbe651c6e72f12099a298654c9594 \System.Windows.Forms.ni.dll MOD - [2012/06/15 03:29:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\Syste m.Drawing.ni.dll MOD - [2012/06/15 03:29:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCore\14a87218ea49639f38097e278b98a3da\Pre sentationCore.ni.dll MOD - [2012/06/15 03:19:35 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Rea chFramework\442af6f7c8b447bdec3ad8d23da89c5a\Reach Framework.ni.dll MOD - [2012/06/15 03:09:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\e7dc084827f8df2dbdc819db5c633a0d\Pre sentationCore.ni.dll MOD - [2012/06/15 03:09:00 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\3971e166cf827b6726e142f344061dc9 \System.Windows.Forms.ni.dll MOD - [2012/06/15 03:08:55 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\21f37f9f5162af7efb52169012bd111e\WindowsB ase.ni.dll MOD - [2012/06/15 03:08:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys 
tem.Drawing\8c40f40ef36622109793788049fbe9ab\Syste m.Drawing.ni.dll MOD - [2012/05/11 03:39:13 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\Sy stem.Management.ni.dll MOD - [2012/05/11 03:37:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\8e56489276063ededde74e597a121df3 \PresentationFramework.Aero.ni.dll MOD - [2012/05/11 03:36:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c \System.Runtime.Remoting.ni.dll MOD - [2012/05/11 03:36:56 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Data\f3814b488d9e083cbbc623e01b389f09\System.D ata.ni.dll MOD - [2012/05/11 03:36:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Win dowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsB ase.ni.dll MOD - [2012/05/11 03:36:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xm l.ni.dll MOD - [2012/05/11 03:36:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d \System.Configuration.ni.dll MOD - [2012/05/11 03:36:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 03:36:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll MOD - [2012/05/11 03:23:07 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e \System.IdentityModel.ni.dll MOD - [2012/05/11 03:23:06 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys 
tem.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\ System.ServiceModel.ni.dll MOD - [2012/05/11 03:21:31 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c \System.Runtime.DurableInstancing.ni.dll MOD - [2012/05/11 03:21:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e \System.Runtime.Serialization.ni.dll MOD - [2012/05/11 03:21:30 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMD iagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiag nostics.ni.dll MOD - [2012/05/11 03:06:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\d1f299160424bad90fe9f658661389e2\System.Xm l.ni.dll MOD - [2012/05/11 03:06:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\623d2a0f11dd82bb9bc13d1cb981b239 \System.Configuration.ni.dll MOD - [2012/05/11 03:06:34 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\ed91b57205429a23bb91f4499059a459\System.C ore.ni.dll MOD - [2012/05/11 03:06:20 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/05/11 03:06:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni .dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll MOD - [2010/10/19 22:34:13 | 000,122,424 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibra ry\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibra ry.dll MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Exce ptionHandling.Logging.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/12/06 00:34:36 | 006,378,128 | R--- | M] (Carbonite, Inc. 
(www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/11/17 07:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/06/30 15:35:12 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012/06/18 06:31:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2010/07/14 11:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.ex e -- (CalendarSynchService) SRV - [2010/06/23 15:09:36 | 000,125,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service) SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/04/16 18:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010/07/13 20:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2010/06/18 17:31:30 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/05/03 18:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/12/19 00:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{2A6B902E-18FD-4C5B-B535-3824F4487875}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2CB65099-F8C9-411A-989C-1588C5505FD8}: "URL" = http://www.ask.com/web?q={searchterms |
#8
NO Audio and no system restore final report
This is a continuation of the GMER report
}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{5FB9EC16-4E4F-4A94-84F0-7C2460F738F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{F72E916A-E188-48B8-8A02-CB849A02A7FF}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^CD^xdm264^S01786^us&si=7967&ptb=2 4C92B53-5B69-405F-A9B7-5DC701CFF625&ind=2012062321&n=77eda271&psa=&st=sb& searchfor={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {A17428F9-E711-408B-B54C-7345014F30A1} IE - HKCU\..\SearchScopes\{2A6B902E-18FD-4C5B-B535-3824F4487875}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE - HKCU\..\SearchScopes\{2CB65099-F8C9-411A-989C-1588C5505FD8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - 
HKCU\..\SearchScopes\{5FB9EC16-4E4F-4A94-84F0-7C2460F738F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B924668D-1798-4B35-A1E6-4B8A99AE6998}&mid=7fc32f45f40c47d08c981943ef19f757-429095f078670472d66d0e23af04a2b1259b24d1&lang=en&d s=AVG&pr=pr&d=2012-06-29 10:28:54&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A17428F9-E711-408B-B54C-7345014F30A1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:{language}:{referrer:source}&ie={inputEncoding ?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS466 IE - HKCU\..\SearchScopes\{F72E916A-E188-48B8-8A02-CB849A02A7FF}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B3b0a6221-4c56-4f39-82c3-4e2f24ea7309%7D&mid=7fc32f45f40c47d08c981943ef19f7 57-429095f078670472d66d0e23af04a2b1259b24d1&ds=AVG&v= 11.1.0.7&lang=en&pr=pr&d=2012-06-29%2010%3A28%3A54&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/10/19 22:41:25 | 000,000,000 | ---D | M] FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dl l () FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic .com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB. dll (TelevisionFanatic) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/10/19 22:41:25 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/29 10:29:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/30 15:35:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 06:31:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 06:31:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 13:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlies\AppData\Roaming\Mozilla\Extensio ns [2012/06/23 10:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\extensions [2012/06/20 15:10:55 | 000,009,613 | ---- | M] () -- C:\Users\Charlies\AppData\Roaming\Mozilla\Firefox\ Profiles\rlt7d7d9.default\searchplugins\my-web-search.xml [2012/04/26 06:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/30 15:35:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012/06/18 06:31:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/30 15:35:11 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/17 07:29:59 | 000,002,252 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\bing.xml [2012/02/17 07:29:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - Startup: C:\Users\Charlies\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{05605ECB-4734-4BBC-8CB7-F5BCD0381F0D}: DhcpNameServer = 172.27.35.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{79C6089E-D14F-478E-94BA-5E74F88E06C1}: DhcpNameServer = 172.27.35.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{41afb87b-b6bb-11e1-9d40-c80aa9fd1ea4}\Shell - "" = AutoRun O33 - MountPoints2\{41afb87b-b6bb-11e1-9d40-c80aa9fd1ea4}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/02 20:10:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe [2012/06/30 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\AVG Secure Search [2012/06/30 15:35:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache [2012/06/30 07:40:08 | 000,000,000 | ---D | C] -- C:\Users\Charlies\Desktop\2012_06_30 [2012/06/30 07:35:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2012/06/29 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\AVG [2012/06/29 11:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 [2012/06/29 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\AVG2012 [2012/06/29 10:29:17 | 000,000,000 
| ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012/06/29 10:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/06/29 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/06/29 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/06/29 10:27:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/06/29 10:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/06/29 10:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012/06/29 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/06/29 10:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/06/29 10:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/06/29 10:16:38 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\HuluDesktop [2012/06/26 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [2012/06/26 21:50:53 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012/06/26 07:38:22 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Roaming\WinBatch [2012/06/26 07:37:46 | 035,333,144 | ---- | C] (Hewlett-Packard Development Company, L.P. 
) -- C:\Users\Charlies\Desktop\sp46471.exe [2012/06/23 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Charlies\AppData\Local\ElevatedDiagnostic s [2012/06/19 07:07:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/19 07:07:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/19 07:07:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/19 07:06:57 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/06/19 07:06:57 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/06/19 07:06:57 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/06/19 07:06:43 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/19 07:06:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/18 09:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponAlert_2pEI [2012/06/15 16:55:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/15 16:55:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/15 16:55:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/15 03:00:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/15 03:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/15 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/15 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/15 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/15 03:00:55 | 000,176,640 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\ieui.dll [2012/06/15 03:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/15 03:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/15 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/15 03:00:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/15 03:00:52 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/15 03:00:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/15 03:00:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/14 21:26:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/14 21:26:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/14 21:26:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe ========== Files - Modified Within 30 Days ========== [2012/07/02 20:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Charlies\Desktop\OTL.exe [2012/07/02 19:55:31 | 000,000,834 | ---- | M] () -- C:\Users\Charlies\Desktop\CEF Newsletter reply.rtf [2012/07/02 19:52:48 | 100,961,505 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/07/02 19:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/30 22:06:25 | 000,018,661 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/30 07:36:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 07:36:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 07:33:41 | 000,778,834 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012/06/30 07:33:41 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/30 07:33:41 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/30 07:27:40 | 3019,345,920 | -HS- | M] () -- C:\hiberfil.sys [2012/06/29 11:31:30 | 000,001,136 | ---- | M] () -- C:\Users\Charlies\Desktop\AVG PC Tuneup 2011.lnk [2012/06/29 10:29:17 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/29 10:27:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/06/29 10:27:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/06/29 10:23:12 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/06/28 19:55:39 | 000,007,118 | ---- | M] () -- C:\Users\Charlies\Documents\winnit.rtf [2012/06/28 19:38:37 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/06/27 21:44:54 | 000,007,601 | ---- | M] () -- C:\Users\Charlies\AppData\Local\Resmon.ResmonCfg [2012/06/27 16:41:44 | 000,025,049 | ---- | M] () -- C:\Users\Charlies\Desktop\System restore message.jpg [2012/06/26 07:38:00 | 035,333,144 | ---- | M] (Hewlett-Packard Development Company, L.P. 
) -- C:\Users\Charlies\Desktop\sp46471.exe [2012/06/23 18:52:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/23 16:54:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/15 09:35:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _09_00.Wdf [2012/06/15 03:26:20 | 000,354,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/07/02 19:55:31 | 000,000,834 | ---- | C] () -- C:\Users\Charlies\Desktop\CEF Newsletter reply.rtf [2012/07/02 19:52:48 | 100,961,505 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/06/30 22:06:25 | 000,018,661 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/29 11:31:30 | 000,001,136 | ---- | C] () -- C:\Users\Charlies\Desktop\AVG PC Tuneup 2011.lnk [2012/06/29 10:29:17 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/29 10:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/06/29 10:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/06/28 19:55:39 | 000,007,118 | ---- | C] () -- C:\Users\Charlies\Documents\winnit.rtf [2012/06/28 19:38:37 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012/06/27 21:37:32 | 000,007,601 | ---- | C] () -- C:\Users\Charlies\AppData\Local\Resmon.ResmonCfg [2012/06/27 16:41:44 | 000,025,049 | ---- | C] () -- C:\Users\Charlies\Desktop\System restore message.jpg [2012/06/15 09:35:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _09_00.Wdf [2012/04/16 23:19:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/03/13 16:33:25 | 000,000,460 | ---- | C] () -- C:\Users\Charlies\AppData\Roaming\wklnhst.dat [2012/02/04 13:12:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/01/08 22:46:48 | 000,393,256 | ---- | C] () -- 
C:\Windows\SysWow64\CNQ2414N.DAT [2010/10/19 23:15:13 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/10/19 22:25:13 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/19 22:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > |
#9
Do you have the results of the other two scans yet?
These logs so far have a bit of maybe search hijacker activity, but the one thing of notice is Microsoft Antimalware errors. Are those from MS Security Essentials, or is Windows Defender active there, if you know? If Security Essentials, was it installed at the same time AVG was installed?
#10
Wow, I guess I missed your quick reply. Been waiting all this time, my fault.
What other two scans are you not seeing? I thought I posted all 3 scans in my posts of July 5th. It took 4 posts to get all the information because of character limits. If you don't see them above, I can repost them. Anyway, I don't think Windows Defender was active. The Antimalware errors were probably when I tried to update MS Security Essentials or when I tried to re-install it. I didn't install AVG until after Security Essentials failed to install.
#11
These please.

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
-----------
Download aswMBR ( 511KB ) to your desktop.
#12
OK, the GMER scanned and displayed a message saying that it did not find any modifications. I clicked the COPY button but there was nothing to paste.
Here is the results of the aswMBR scan: aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-15 21:52:19 ----------------------------- 21:52:19.797 OS Version: Windows x64 6.1.7601 Service Pack 1 21:52:19.797 Number of processors: 2 586 0x603 21:52:19.797 ComputerName: CHARLIES-HP UserName: Charlies 21:52:22.144 Initialize success 21:53:17.870 AVAST engine defs: 12071501 21:53:19.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055 21:53:19.670 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11 21:53:19.689 Disk 0 MBR read successfully 21:53:19.693 Disk 0 MBR scan 21:53:19.699 Disk 0 unknown MBR code 21:53:19.707 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:53:19.723 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700216 MB offset 206848 21:53:19.754 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15085 MB offset 1434249985 21:53:19.805 Disk 0 scanning C:\Windows\system32\drivers 21:53:29.727 Service scanning 21:53:48.093 Modules scanning 21:53:48.110 Disk 0 trace - called modules: 21:53:48.124 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 21:53:48.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004903060] 21:53:48.473 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800485ea00] 21:53:48.478 5 amdxata.sys[fffff88000df27a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa800485a4f0] 21:53:50.493 AVAST engine scan C:\Windows 21:53:53.514 AVAST engine scan C:\Windows\system32 21:57:18.445 AVAST engine scan C:\Windows\system32\drivers 21:57:33.779 AVAST engine scan C:\Users\Charlies 22:15:12.788 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat" 22:15:12.794 The log file has been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt" 22:29:44.121 AVAST engine scan C:\ProgramData 22:34:39.453 Scan finished successfully 06:03:11.508 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat" 06:03:11.513 The log file has 
been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-15 21:52:19 ----------------------------- 21:52:19.797 OS Version: Windows x64 6.1.7601 Service Pack 1 21:52:19.797 Number of processors: 2 586 0x603 21:52:19.797 ComputerName: CHARLIES-HP UserName: Charlies 21:52:22.144 Initialize success 21:53:17.870 AVAST engine defs: 12071501 21:53:19.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055 21:53:19.670 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11 21:53:19.689 Disk 0 MBR read successfully 21:53:19.693 Disk 0 MBR scan 21:53:19.699 Disk 0 unknown MBR code 21:53:19.707 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:53:19.723 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700216 MB offset 206848 21:53:19.754 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15085 MB offset 1434249985 21:53:19.805 Disk 0 scanning C:\Windows\system32\drivers 21:53:29.727 Service scanning 21:53:48.093 Modules scanning 21:53:48.110 Disk 0 trace - called modules: 21:53:48.124 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 21:53:48.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004903060] 21:53:48.473 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800485ea00] 21:53:48.478 5 amdxata.sys[fffff88000df27a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa800485a4f0] 21:53:50.493 AVAST engine scan C:\Windows 21:53:53.514 AVAST engine scan C:\Windows\system32 21:57:18.445 AVAST engine scan C:\Windows\system32\drivers 21:57:33.779 AVAST engine scan C:\Users\Charlies 22:15:12.788 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat" 22:15:12.794 The log file has been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt" 22:29:44.121 AVAST engine scan C:\ProgramData 22:34:39.453 Scan finished successfully 06:03:11.508 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat" 
06:03:11.513 The log file has been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt" 06:04:35.546 Disk 0 MBR has been saved successfully to "C:\Users\Charlies\Desktop\MBR.dat" 06:04:35.550 The log file has been saved successfully to "C:\Users\Charlies\Desktop\aswMBR.txt" |
#14
I ran the Gmer scan again and followed your steps. As before, after the scan completed I got a small window with the message "Gmer hasn't found any System modification". You have to click OK to get to the Copy button. When I click the copy button, nothing is copied to my clipboard. I took a screen shot of this if you would like to see it, but I don't know how to post a picture to this forum.
Thanks again for sticking with me on this.
#15
All your issues sure sound like malware involvement, yet no malware showing so far.

Please turn off Windows Defender - go to Control Panel - Classic View - Windows Defender - Under Administrator options, uncheck the "Use Windows Defender" check box, and then click Save.

Then in Uninstall/Programs and Features, uninstall AVG. Be sure to have it remove everything (including its search hijacker toolbar), then reboot after.
----------
Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

Last edited by Jintan; July 19th, 2012 at 11:37 PM. Reason: "you" needs an "r" to become "your".