Something Redirecting Internet Browser [Archive]

View Full Version : Something Redirecting Internet Browser

felhet

2014-01-08, 04:34

My parents are having problems with their computer. Something is redirecting their homepage and causing popups and ads to constantly appear. I appreciate any help you can give.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Linda at 21:01:36 on 2014-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2263 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\albrechto\updatealbrechto.exe
C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\System32\igfxpers.exe
C:\3DEmbroidery\DesignerSECommuni.exe
C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mumbojumbo.iplay.com/?o=shp
uDefault_Page_URL = hxxp://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22
mWinlogon: Userinit = userinit.exe
BHO: albrechto: {1881a451-f7fb-44bc-85b2-fcea4b1403e3} - C:\Program Files (x86)\albrechto\albrechtobho.dll
BHO: MyWordTool: {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Linda\AppData\Roaming\MyWordTool\temp.dat
BHO: TidyNetwork: {53F175C8-863E-3114-CDC8-EFC75E9A3052} - C:\Program Files (x86)\TidyNetwork\petn.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [DesignerSECommuni.exe] C:\3DEmbroidery\DesignerSECommuni.exe
uRun: [EmbMachineComms.exe] C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB}\342716A79786F6273756 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB}\A42545 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: TidyNetwork: {53F175C8-863E-3114-CDC8-EFC75E9A3052} - C:\Program Files (x86)\TidyNetwork\petn64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22
FF - prefs.js: keyword.URL - hxxp://search.findwide.com/serp?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&action=default_search&serpv=22&k=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-20 19:02; {b2b46577-0217-4ec5-a467-7a1e8d0d7b71}; C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
FF - ExtSQL: 2013-12-31 00:00; emily@wilford.biz; C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\extensions\emily@wilford.biz
.
---- FIREFOX POLICIES ----
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: keyword.URL - hxxp://search.findwide.com/serp?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&action=default_search&serpv=22&k=
FF - user.js: browser.search.defaultenginename - FindWide
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - file:///C:\Users\Linda\AppData\Local\TNT2\Common\pinnedSearch.htm
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-15 90056]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-15 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-15 2425960]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-15 2656280]
R2 Update albrechto;Update albrechto;C:\Program Files (x86)\albrechto\updatealbrechto.exe [2013-12-6 66848]
R2 Util albrechto;Util albrechto;C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe [2014-1-1 66848]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-12-31 56584]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-28 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130221.001\IDSviA64.sys [2013-2-22 513184]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-2 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-15 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-15 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-24 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-15 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-08 01:45:10 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36BED0BF-9976-475D-97BB-BB726D3470DB}\mpengine.dll
2014-01-02 00:43:18 -------- d-----w- C:\Users\Linda\AppData\Roaming\4 Friends Games
2013-12-31 22:05:51 -------- d-----w- C:\Users\Linda\AppData\Roaming\Optimizer Pro
2013-12-31 22:03:53 -------- d-----w- C:\Remote Programs
2013-12-31 22:03:52 -------- d-----w- C:\ProgramData\Free Ride Games
2013-12-31 22:03:50 58264 ------w- C:\Windows\ExentInfo.exe
2013-12-31 22:03:50 -------- d-----w- C:\Program Files (x86)\Free Ride Games
2013-12-31 22:03:49 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-31 22:03:49 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-31 22:03:49 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-31 22:03:49 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-31 22:03:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-12-31 22:01:25 -------- d-----w- C:\Program Files (x86)\albrechto
2013-12-31 22:00:36 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-12-31 22:00:34 -------- d-----w- C:\Users\Linda\AppData\Local\Programs
2013-12-31 22:00:18 -------- d-----w- C:\Users\Linda\AppData\Roaming\MyWordTool
2013-12-31 22:00:15 -------- d-----w- C:\Users\Linda\AppData\Local\TidyNetwork
2013-12-31 22:00:15 -------- d-----w- C:\Program Files (x86)\TidyNetwork
2013-12-28 01:24:26 0 ----a-w- C:\Windows\SysWow64\sho31AE.tmp
2013-12-21 00:04:49 -------- d-----w- C:\Users\Linda\AppData\Local\Vast Studios
2013-12-21 00:00:23 -------- d-----w- C:\Program Files (x86)\eGames
2013-12-13 01:51:04 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 01:51:04 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 01:51:04 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 01:51:03 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 02:20:32 335360 ----a-w- C:\Windows\System32\msieftp.dll
.
==================== Find3M ====================
.
2013-12-11 23:18:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 23:18:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 21:02:06.26 ===============

11144

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-07 21:03:22
-----------------------------
21:03:22.547 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:22.548 Number of processors: 2 586 0x2A07
21:03:22.548 ComputerName: LINDA-HP UserName: Linda
21:03:25.169 Initialize success
21:05:42.903 AVAST engine defs: 14010701
21:05:54.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:05:54.033 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:05:54.163 Disk 0 MBR read successfully
21:05:54.163 Disk 0 MBR scan
21:05:54.173 Disk 0 Windows 7 default MBR code
21:05:54.173 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:05:54.193 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 280879 MB offset 409600
21:05:54.223 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20102 MB offset 575649792
21:05:54.233 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4061 MB offset 616818688
21:05:54.283 Disk 0 scanning C:\Windows\system32\drivers
21:06:04.891 Service scanning
21:06:40.043 Modules scanning
21:06:40.053 Disk 0 trace - called modules:
21:06:40.083 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:06:40.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800716d060]
21:06:40.103 3 CLASSPNP.SYS[fffff88001d0843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e7050]
21:06:41.923 AVAST engine scan C:\Windows
21:06:43.953 AVAST engine scan C:\Windows\system32
21:09:40.565 AVAST engine scan C:\Windows\system32\drivers
21:09:56.314 AVAST engine scan C:\Users\Linda
21:14:41.705 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
21:14:41.705 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"

Dakeyras

2014-01-08, 11:58

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome back to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg

Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg (http://s280.photobucket.com/user/Dakeyras_album2/media/TBRB-2.jpg.html)

Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Uninstall Software:

Now please go to Start(Windows 7 orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

albrechto
Free Ride Games Player
MyWordTool
Optimizer Pro
TidyNetwork

To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program

Scan with AdwCleaner:

Please download adwcleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) and save to your desktop.

Alternate downloads are here (http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml) or here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner).

Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

felhet

2014-01-09, 03:27

Thank you for the nice welcome. You guys are very helpful!

I uninstalled those programs. Free ride games and the optimizer program both tried to get me to down load something else. After installing the programs my home page was not redirected.

Below is the AdwCleaner report:

# AdwCleaner v3.016 - Report created 08/01/2014 at 20:18:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-HP
# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Users\Linda\Documents\optimizer pro
Folder Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\Extensions\emily@wilford.biz
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchEngineProtection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\prefs.js ]

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [4488 octets] - [08/01/2014 20:17:55]
AdwCleaner[S0].txt - [3615 octets] - [08/01/2014 20:18:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3675 octets] ##########

Dakeyras

2014-01-09, 10:48

Hi. :)

Thank you for the nice welcome. You guys are very helpful!
You're welcome!

I uninstalled those programs. Free ride games and the optimizer program both tried to get me to down load something else. After installing the programs my home page was not redirected.
Acknowledged.

Scan with JRT:

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).

Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox and select both the LOP and Purity options.
Under the Custom Scan/Fixes box cut & paste this in:-

netsvcs
baseservices
%systemdrive%\*.exe
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CreateRestorePoint

Now click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered ?
JRT Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

felhet

2014-01-09, 14:10

Again, thank you for your quick response!

The computer seems to be running well. The only thing a little strange is a while ago the icons on the desktop became much smaller out of the blue. I have never been able to get them back to normal size. I am not sure if that is a malware or if my parents inadvertently did something.

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Linda on Thu 01/09/2014 at 6:06:52.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7099074-89F7-47F1-82F4-968233C52034}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A7099074-89F7-47F1-82F4-968233C52034}

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho31AE.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\mywordtool"

~~~ FireFox

Emptied folder: C:\Users\Linda\AppData\Roaming\mozilla\firefox\profiles\hxcrj1cb.default\minidumps [153 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/09/2014 at 6:15:14.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

felhet

2014-01-09, 14:14

OTL.TXT

I have to break this up. I received an error saying the test was too long and the file size too big.

OTL logfile created on: 1/9/2014 6:19:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.73% Memory free
7.90 Gb Paging File | 6.25 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.30 Gb Total Space | 179.70 Gb Free Space | 65.51% Space Free | Partition Type: NTFS
Drive D: | 19.63 Gb Total Space | 2.39 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.09% Space Free | Partition Type: FAT32
Drive F: | 653.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LINDA-HP | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/01/09 06:16:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Downloads\OTL.exe
PRC - [2013/12/21 22:41:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/09/06 10:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/04 11:15:02 | 000,091,136 | ---- | M] (KSIN Luxembourg II Sarl.) -- C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe
PRC - [2011/10/07 21:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/28 17:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2005/07/08 13:57:24 | 000,069,632 | ---- | M] (VSM Software Ltd.) -- C:\3DEmbroidery\DesignerSECommuni.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/21 22:41:51 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/19 20:12:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/03/08 17:11:42 | 000,611,328 | ---- | M] () -- C:\ProgramData\VSMSoftware\5DEmbroidery\Themes\Office2007.cjstyles
MOD - [2004/08/16 10:29:56 | 000,356,352 | ---- | M] () -- C:\3DEmbroidery\VSM_VMR.dll

========== Services (SafeList) ==========

SRV:[b]64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/15 11:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2011/09/08 08:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/01/01 19:16:01 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/21 22:41:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 18:18:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/06 10:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/01 00:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/02 12:32:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/04/02 12:32:08 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/03/15 11:52:08 | 000,331,144 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2013/03/15 11:52:08 | 000,303,368 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2013/03/15 11:52:08 | 000,141,064 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2013/03/15 11:52:08 | 000,090,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2013/03/15 11:52:08 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2013/03/15 11:52:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2012/12/29 16:08:15 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/14 23:02:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/08/14 23:02:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 08:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 14:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/01/18 22:04:19 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130222.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/18 22:04:19 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130222.003\eng64.sys -- (NAVENG)
DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/12/28 13:27:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/25 10:29:25 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/22 03:59:48 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)
DRV - [1997/11/26 06:32:18 | 000,041,984 | ---- | M] (Husqvarna Sewing Machines AB) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SEMLPT.SYS -- (SemLPT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{A7099074-89F7-47F1-82F4-968233C52034}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mumbojumbo.iplay.com/?o=shp
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10795
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes\{F0E6E776-6120-4575-B43C-E853E580061B}: "URL" = http://search.findwide.com/serp?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&action=default_search&serpv=22&k={searchTerms}
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "FindWide"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/12/28 19:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/01/08 20:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/24 18:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2014/01/08 20:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\extensions
[2009/12/16 09:00:34 | 000,000,690 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\hxcrj1cb.default\searchplugins\egames.xml
[2014/01/08 20:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 22:41:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/07 14:56:28 | 000,001,467 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober-1953977777.xml
[2013/08/23 17:00:32 | 000,000,786 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober701545934.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001..\Run: [DesignerSECommuni.exe] C:\3DEmbroidery\DesignerSECommuni.exe (VSM Software Ltd.)
O4 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001..\Run: [EmbMachineComms.exe] C:\Program Files (x86)\VSMSoftware\5DEmbroidery\EmbMachineComms.exe (KSIN Luxembourg II Sarl.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FEAF339-7B6B-4A92-90B5-E5B21D8BDBAB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/22 15:12:04 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3f648627-e71a-11e1-b5ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f648627-e71a-11e1-b5ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011/02/08 14:30:20 | 000,052,184 | R--- | M] (eGames)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 06:06:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/08 20:17:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/08 20:06:53 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/01/08 20:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/01/08 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/01/08 20:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/07 20:57:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/07 20:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/07 20:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/01 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\4 Friends Games
[2013/12/31 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Programs
[2013/12/21 22:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/20 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Vast Studios
[2013/12/20 19:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
[2013/12/20 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eGames
[2013/12/13 15:26:02 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\Embroidertique
[2013/12/12 20:51:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 20:51:03 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 20:51:03 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 20:51:02 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 20:49:42 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 20:49:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 20:49:41 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 20:49:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 20:49:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 20:49:41 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 20:49:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 20:49:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 20:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 20:49:40 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 20:49:40 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 20:49:40 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 20:49:40 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 20:49:39 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 20:49:38 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 20:49:36 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 21:20:32 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 21:20:31 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 21:20:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 21:20:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 21:20:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 21:20:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 21:20:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 21:20:04 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 21:20:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 21:20:04 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 21:20:04 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 21:20:04 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 21:20:04 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx

========== Files - Modified Within 30 Days ==========

[2014/01/09 06:09:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 06:09:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 06:05:26 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 06:05:26 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 06:05:26 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 06:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 06:04:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 06:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/08 20:21:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 20:20:30 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLinda.job
[2014/01/08 20:20:10 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 20:07:25 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LINDA-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/08 20:06:03 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/08 20:03:57 | 000,001,122 | ---- | M] () -- C:\Users\Linda\Desktop\Continue Zip Opener Installation.lnk
[2014/01/07 21:14:41 | 000,000,512 | ---- | M] () -- C:\Users\Linda\Desktop\MBR.dat
[2014/01/07 20:56:48 | 000,000,905 | ---- | M] () -- C:\Users\Linda\Desktop\ERUNT.lnk
[2014/01/01 19:16:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2013/12/31 17:03:53 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/12/20 19:00:58 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\Nightfall Mysteries - The Curse of the Opera.lnk
[2013/12/19 12:54:27 | 000,086,536 | ---- | M] () -- C:\Users\Linda\Desktop\runner.jpg
[2013/12/13 14:58:07 | 000,037,268 | ---- | M] () -- C:\Users\Linda\Desktop\mBa.vp3
[2013/12/13 13:22:56 | 000,052,130 | ---- | M] () -- C:\Users\Linda\Desktop\cLa.vp3
[2013/12/12 21:22:26 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/11 21:03:58 | 000,021,314 | ---- | M] () -- C:\Users\Linda\Desktop\g.vp3
[2013/12/11 18:18:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 18:18:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/01/08 20:07:25 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LINDA-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/08 20:06:03 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/08 20:03:57 | 000,001,122 | ---- | C] () -- C:\Users\Linda\Desktop\Continue Zip Opener Installation.lnk
[2014/01/07 21:14:41 | 000,000,512 | ---- | C] () -- C:\Users\Linda\Desktop\MBR.dat
[2014/01/07 20:56:48 | 000,000,905 | ---- | C] () -- C:\Users\Linda\Desktop\ERUNT.lnk
[2013/12/31 17:03:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/12/31 16:56:43 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLinda.job
[2013/12/20 19:00:57 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\Nightfall Mysteries - The Curse of the Opera.lnk
[2013/12/19 12:54:26 | 000,086,536 | ---- | C] () -- C:\Users\Linda\Desktop\runner.jpg
[2013/12/13 14:58:07 | 000,037,268 | ---- | C] () -- C:\Users\Linda\Desktop\mBa.vp3
[2013/12/13 13:22:56 | 000,052,130 | ---- | C] () -- C:\Users\Linda\Desktop\cLa.vp3
[2013/12/11 21:03:58 | 000,021,314 | ---- | C] () -- C:\Users\Linda\Desktop\g.vp3
[2013/06/05 10:16:02 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/02 12:32:31 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/04/02 12:32:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/04/02 12:32:29 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/12/28 13:24:04 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/12/28 13:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/15 00:49:42 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/05 14:00:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2014/01/01 19:43:18 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\4 Friends Games
[2012/12/29 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Absolutist
[2013/04/26 08:19:46 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Alawar
[2013/03/09 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\AlawarEntertainment
[2013/02/02 08:52:10 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\AlderGames
[2013/02/24 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Artifex Mundi
[2013/01/25 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\ArtifexMundi
[2013/01/22 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Awem
[2013/04/21 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Boolat Games
[2013/02/18 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\cerasus.media
[2012/12/25 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Deep Shadows
[2013/02/02 09:27:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\EntwinedSoD
[2013/05/02 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\ERS G-Studio
[2013/03/13 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Flood Light Games
[2013/01/28 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Fuzzy Bug Interactive
[2013/09/07 20:36:40 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\GameMill Entertainment
[2013/03/10 22:31:02 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\GirlsWithSecrets
[2013/02/10 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Gogii Games
[2013/01/15 17:51:42 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\HitPoint Studios
[2013/01/01 21:38:57 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Hoyle FaceCreator
[2013/01/01 22:13:57 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Hoyle Slots volume 4
[2013/01/11 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Hoyle Slots volume 6
[2013/08/06 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\iWing
[2013/03/24 17:56:01 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Legacy Games
[2013/02/25 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\MagicIndie
[2013/01/31 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Meridian93
[2013/02/07 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\MumboJumbo
[2013/08/23 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Oberon Media
[2013/03/24 16:49:46 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Origin
[2013/08/28 19:45:49 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\PopCapv1003
[2013/01/28 18:29:38 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Rainbow
[2013/02/04 18:18:05 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Silverback Games
[2013/10/26 16:56:07 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SoftGrid Client
[2012/12/24 16:50:11 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Synaptics
[2013/03/10 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Tape_Worm
[2012/12/29 17:02:42 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Temp
[2013/02/05 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\The Curse of the Werewolves
[2013/01/24 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TOMI3
[2013/06/05 10:16:50 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TP
[2013/05/14 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\VSMSoftware
[2012/12/25 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\WildTangent
[2013/10/25 09:13:14 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

felhet

2014-01-09, 14:15

the rest of the OTL

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/08/14 22:56:10 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/08/14 22:59:54 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< C:\program files (x86)\Google\Desktop >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,021,434 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/01/16 14:51:58 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 14:51:58 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 19:31:13 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/12/31 16:56:43 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForLinda.job

< C:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is B2D0-EE00
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [D:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Evernote
08/14/2012 11:23 PM <SYMLINKD> Evernote3.5 [D:\Program Files (x86)\Evernote\Evernote]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [D:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [D:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [D:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [D:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [D:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [D:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [D:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [D:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [D:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [D:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [D:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [D:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [D:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [D:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Linda
12/24/2012 04:46 PM <JUNCTION> Application Data [C:\Users\Linda\AppData\Roaming]
12/24/2012 04:46 PM <JUNCTION> Cookies [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Cookies]
12/24/2012 04:46 PM <JUNCTION> Local Settings [C:\Users\Linda\AppData\Local]
12/24/2012 04:46 PM <JUNCTION> My Documents [C:\Users\Linda\Documents]
12/24/2012 04:46 PM <JUNCTION> NetHood [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/24/2012 04:46 PM <JUNCTION> PrintHood [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/24/2012 04:46 PM <JUNCTION> Recent [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Recent]
12/24/2012 04:46 PM <JUNCTION> SendTo [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\SendTo]
12/24/2012 04:46 PM <JUNCTION> Start Menu [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu]
12/24/2012 04:46 PM <JUNCTION> Templates [C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Linda\AppData\Local
12/24/2012 04:46 PM <JUNCTION> Application Data [C:\Users\Linda\AppData\Local]
12/24/2012 04:46 PM <JUNCTION> History [C:\Users\Linda\AppData\Local\Microsoft\Windows\History]
12/24/2012 04:46 PM <JUNCTION> Temporary Internet Files [C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Linda\Documents
12/24/2012 04:46 PM <JUNCTION> My Music [C:\Users\Linda\Music]
12/24/2012 04:46 PM <JUNCTION> My Pictures [C:\Users\Linda\Pictures]
12/24/2012 04:46 PM <JUNCTION> My Videos [C:\Users\Linda\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [D:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [D:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [D:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
45 Dir(s) 193,574,281,216 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 351 bytes -> C:\ProgramData\Temp:C6BC11FD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:737160C1

< End of report >

felhet

2014-01-09, 14:16

Extras.TXT

OTL Extras logfile created on: 1/9/2014 6:19:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.73% Memory free
7.90 Gb Paging File | 6.25 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.30 Gb Total Space | 179.70 Gb Free Space | 65.51% Space Free | Partition Type: NTFS
Drive D: | 19.63 Gb Total Space | 2.39 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.09% Space Free | Partition Type: FAT32
Drive F: | 653.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LINDA-HP | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03789BB0-C8E1-43BD-84D2-611D602B8F8C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{0AF5AF50-12FC-4998-96C4-20CAAF716DA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FFFD935-FC9A-450B-A7C7-D5F6F12031BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{238471E0-B149-45B9-A163-AD3E043D8F9B}" = lport=138 | protocol=17 | dir=in | app=system |
"{29CF18E6-B968-48E1-A872-5E98125F35FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32C99DCB-7F67-4EC2-98EA-355B96F34F43}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{364C8D51-595E-4A7A-A292-3E568B2A830F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{3B32D100-71D7-4A3D-A156-B37F9A7DEC16}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5E6F2136-5A68-4B4E-90BD-CC2206890026}" = rport=137 | protocol=17 | dir=out | app=system |
"{5EC69794-8B8A-468E-8032-CCF585B045E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{604569F4-965C-428B-8DD7-029F754CAF06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60BA14CD-CA9B-4429-AC15-B9089273094E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{70A1F2DE-4C67-4258-82ED-28DD7E74194D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70E51BFA-5260-4329-B1CF-E9CB8EA212C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75E5555B-2834-4B25-A86D-3F6540E744C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{773678B2-1A47-44B7-9763-A9B848F491AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DB96309-D70F-4C6D-83C4-96E0F0B7597D}" = rport=445 | protocol=6 | dir=out | app=system |
"{93E33413-B4DF-43AA-9987-EDB865AD2C80}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9E878087-CE40-4999-A5A7-37748544A6B5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{A536045A-6E79-4C6D-B1DA-566B8266932D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A91B1DA9-0241-47A5-8AA4-272FCFB4886B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0E8F13A-CF80-4343-A07C-8241A378686D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C80B969D-13A4-4B77-B318-0FAD286AF53F}" = rport=139 | protocol=6 | dir=out | app=system |
"{E8F55AFC-9110-4707-BD3B-7E136442E84B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F107F4C5-A2CB-45A7-81B5-A3DC36998C1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{F34A62EF-94D1-4184-A61B-51CC9D5C3491}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{FA8D4903-45A4-493D-B212-F76B183425A6}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E88B8-869B-4133-BE39-25DBDB41FFEE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{051E973C-D4A7-4380-8960-04CD0037A252}" = protocol=6 | dir=out | app=system |
"{087B32F5-F715-46E4-B789-A4EF73A6A862}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0896FF24-282C-46C7-B8C7-1CDAA000C5B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12342267-DB23-4AB7-9E65-A39E0AC9D871}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1963D97F-3E44-40AE-BCC4-D69B0352700E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{2089E478-5399-447C-8D9C-1382FD70D2A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C4EA00B-6AE0-4A38-BE2E-3D2011259FE6}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{2E03EE9B-41D0-4702-AF74-8B6EEF6EC2AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E0D48D7-B196-446F-9EAD-55C32DA813F5}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{3D3D02C5-985D-42EF-8C83-6C501907FA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{435BEAFD-AA13-435B-A9F5-5505D4A54A9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{480982B3-D319-4773-A779-FED371F84059}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5312087C-E490-44E2-B3D1-55A7502EDD66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64DA1D50-5F02-4B32-B3C4-E3781696DC60}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DF84C45-7CA1-4751-A160-830BB677F9C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72DF9896-B97C-4BAE-A265-78B43685D047}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{76523ADC-F5CC-4622-A843-B4C2D0042DD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F5424BD-B1C4-429F-9148-BE568BD264F2}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{8E0EDB6E-A3ED-42C2-BB89-E087B490C6DA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{8E8E6FCD-E6E4-4559-BD80-867DB63AF89A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{8FE15089-4DAF-479A-834B-70344ECB0606}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{96428D1C-D291-4B38-94ED-1ECCBD9AD344}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{97479E4B-4403-4E99-800E-B219D6921899}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{99297AFC-038B-4741-A8DA-FAE828DE1A16}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{99E7AD4F-148C-467E-B94E-5BE9686E0AC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9DAA9368-134D-44A4-8BD4-432C8DEB47A2}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{9EEE8C61-4235-4DAA-80B7-A6635E9FA653}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{AB77F0E7-1FF1-4DB8-A261-D02C9C6017C8}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{AEE4123D-710B-43C7-8128-F25077740231}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{AF2CF885-2315-4570-BC26-907AA4F632B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B18F2B21-EC5C-47D5-8166-D5DEFF3A2FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{C371F6E5-DD48-4F2F-B8D9-BDFEF0757466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCCC5D16-485C-4B35-9177-B5753FB9954E}" = dir=in | app=c:\users\linda\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
"{D14FEFB8-98C5-4726-8063-F98C413BF3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{D303B04A-15A5-41E5-BF85-9BC646AAD736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4583825-2A58-4969-9C33-E384178BF386}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{DA447A38-3FA0-428D-A8E4-1B517DD4F2B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1DD35FC-6B15-4515-BA85-FC447886E187}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F24862E0-182A-49B2-A2C5-24C431585612}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCE43267-90F1-4E29-8564-4BDD66E2D565}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF4F9802-FB05-46A2-8B5C-CC0530823574}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{56C4B4ED-4613-4241-BFCC-810F626C7D41}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{9A360843-A1EF-47D2-A025-F6EE89D10F26}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10EF83BF-EE18-472A-BBE2-955A384DB935}" = HP Documentation
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E9B8A2-59B7-421F-B62A-86473CC0022A}" = Inspira 5D Embroidery System
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C190405F-B711-46FF-9F66-97589782C9B1}" = 3D Embroidery 7.25
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC96F070-E8C1-493F-86FC-D8E0FAB7F77F}" = 3D Embroidery System 7.25 Upgrade
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1D29E40-F7AA-43FE-95F3-C27538B6EC9B}" = Reel Deal Slots Adventure
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"510008597" = Old Clockmaker's Riddle
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alabama Smith in the Quest of Fate" = Alabama Smith in the Quest of Fate
"Behind the Reflection" = Behind the Reflection
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BFGC" = Big Fish Games: Game Manager
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"Deadtime Stories_is1" = Deadtime Stories
"Dream Day First Home_is1" = Dream Day First Home
"ERUNT_is1" = ERUNT 1.1j
"Escape Rosecliff Island" = Escape Rosecliff Island
"Google Chrome" = Google Chrome
"Hidden Mysteries Civil War" = Hidden Mysteries Civil War
"Hidden Mysteries Notre Dame" = Hidden Mysteries Notre Dame
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marooned" = Marooned (remove only)
"Marooned II - Secrets of the Akoni" = Marooned II - Secrets of the Akoni (remove only)
"Match Quest" = Match Quest 1.0.0.1
"Midnight Mysteries - Devil on the Mississippi" = Midnight Mysteries - Devil on the Mississippi
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Cruise" = Mystery Cruise
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Peggle Deluxe" = Peggle Deluxe
"PrintProjects" = PrintProjects
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Twisted Lands: Shadow Town" = Twisted Lands: Shadow Town
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-008ffde3-ebd9-425a-a42a-5d7b8e3db16a" = The Chronicles of Emerland Solitaire
"WTA-0485b955-2adb-49d1-ba42-4e41a5ae96b7" = Dark Arcana: The Carnival Collector's Edition
"WTA-05d35d74-5df3-442c-a1b9-57f29720e2d8" = FATE
"WTA-0c67fbd7-a965-4ce4-a8a4-136b496cc012" = Virtual Villagers 4 - The Tree of Life
"WTA-0fcb5f6e-1194-4151-89d0-60b740fe26d6" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-10f2bc50-9161-4be9-9440-524836af0132" = Poker Superstars III
"WTA-138e75bc-68a0-40f6-9dc4-410a26080be4" = The Curse of the Werewolves
"WTA-1b4e9727-8f59-4f6b-9598-1e3f3e823514" = Cradle of Rome 2
"WTA-1e218be3-0ae4-46c2-bb53-144d64176903" = Living Legends: Ice Rose Collector's Edition
"WTA-1f8baef3-7247-4f1f-9431-9477cdff1591" = Murder She Wrote 2
"WTA-23a3adea-41bb-4b9a-bfcc-d890f2478b13" = Big City Adventures Paris
"WTA-24127d8c-ebac-49c9-96a9-a3f6a0869c9d" = Jewel Legends: Magical Kingdom
"WTA-2b8ce2d3-d5d5-4ded-97fb-ae7bfe1118c9" = The Book of Desires
"WTA-2fee128a-7f38-4850-9956-ff894af0bc1c" = Golden Trails 3: The Guardian's Creed Premium Edition
"WTA-3049804c-58c6-4a54-86f9-90df9b0d73dd" = Farmscapes
"WTA-3250a5dd-5d5b-454c-b430-8355a3319000" = Dora's World Adventure
"WTA-39abf39e-4fed-4718-bec7-b409bd3ba78e" = Letters from Nowhere 2
"WTA-40912dae-4b8e-4eb1-8d48-2a0fea428e81" = Zuma's Revenge
"WTA-47aa4d28-719d-4350-83ea-fd3ba982fc2f" = Torchlight
"WTA-48337d77-fc08-4e02-b591-75162fd8b648" = John Deere Drive Green
"WTA-4870f14b-3bc8-493b-951c-3c52a0c8be1f" = Haunting Mysteries: The Island of Lost Souls Premium Edition
"WTA-48d260ec-a887-4428-9425-1c8b22f2fd65" = Hoyle Wacky Makeovers
"WTA-4949a6e0-fc89-472a-9ab8-c3aca95287a6" = Plants vs. Zombies - Game of the Year
"WTA-4e748d07-754a-4233-bf3a-3819630c5fd7" = Barn Yarn Collector's Edition
"WTA-52726690-7f69-434d-b696-85ac545ec50b" = Atlantis: Pearls of the Deep
"WTA-5c7ec728-74ca-41b5-83ed-ab3bdd71e5f1" = Cruel Games: Red Riding Hood
"WTA-64cb71f4-afcd-41e3-9187-df156e48f2da" = Jewel Match 3
"WTA-65318b0c-fcc2-4209-9412-95cbdd4f86f3" = Fairy Tale Mysteries: The Puppet Thief Collector's Edition
"WTA-6d39e0b2-a85a-4c77-a962-03784a4ec635" = Polar Bowler
"WTA-78d5af60-73a5-4f07-b308-8ec88ab02913" = Deadly Voltage: Rise of the Invincible
"WTA-7b88b62d-a860-452d-b8ac-180147bef8d4" = Entwined: Strings of Deception
"WTA-7daa7cd6-d762-46c8-8118-69d4b2584b54" = Abyss: The Wraiths of Eden Collector's Edition
"WTA-7ed50953-7f94-4856-830f-cfebc1a840b6" = Chuzzle Deluxe
"WTA-82e748be-fecd-49e7-b1c8-dfda65c2d07a" = Polar Golfer
"WTA-903ce378-281f-487a-80c5-4a3fd73bf2b0" = Hoyle Gator Elevator
"WTA-961f9e61-62db-44f6-8a9c-e185dd8d968e" = Girls With Secrets
"WTA-a3b7e48a-2918-4d29-9142-67fb967ef259" = The Treasures of Mystery Island: The Ghost Ship
"WTA-a406a8ac-790c-4c84-963b-492d67795a2f" = Forbidden Secrets Alien Town
"WTA-a8734f5d-088e-45fe-a74c-c95454584001" = Weird Park: Scary Tales
"WTA-aae1fdb6-837b-4ef0-ab63-08018203b220" = Mah Jong Medley
"WTA-aeca43b6-0cac-484c-9190-ceb6db854fcc" = Luxor HD
"WTA-b60cbcaa-95bd-4a4a-b28f-7403ea210aa9" = Dark Mysteries: The Soul Keeper Collector's Edition
"WTA-b61b460f-b5fd-4a3c-8aae-fd0d69b0e4d7" = Farmington Tales
"WTA-b7f27b8b-80db-406b-b875-06da019568bb" = Mysteriez: Hidden Numbers
"WTA-b8def06c-a599-49c4-a3e4-296c432f03b7" = Angelica Weaver: Catch Me When You Can Collector's Edition
"WTA-c373cb76-a1af-4169-b9dd-4ab4468beda4" = Final Drive Fury
"WTA-c5168dc4-3f4a-4487-af51-790614aed1ac" = The Beast of Lycan Isle Collector's Edition
"WTA-ce492e80-b414-41d0-aceb-41eeb457fc29" = Blackhawk Striker 2
"WTA-cfeaf237-13bf-4559-87b1-3c755b78b8d1" = Farm Frenzy
"WTA-d20b4995-ce53-41fe-9f7d-35faf9e95c91" = Hoyle Card Games
"WTA-d7218f4d-7ce1-4373-859f-9aba720ef1d3" = Brink of Consciousness: Lonely Hearts Murders
"WTA-dcb4f01d-a4b7-4d13-a981-08384d57d3d7" = Penguins!
"WTA-e23c46d6-ce25-45bb-bff1-1cace02dbe55" = RollerCoaster Tycoon 3: Platinum
"WTA-e45e512f-9d5d-49f2-99e6-18f3e69e7ca1" = Inception of Darkness: Exorcist 3
"WTA-e4a80379-6261-446f-b6aa-9bf63fad672f" = The Lake House: Children of Silence
"WTA-ebbe8917-76f1-4967-8c4a-f6d5e8b41d5a" = Bejeweled 3
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-294371208-3097446141-2468538785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Nightfall Mysteries - The Curse of the Opera" = Nightfall Mysteries - The Curse of the Opera

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 1/3/2013 8:26:11 PM | Computer Name = Linda-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4043
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

[ HP Software Framework Events ]
Error - 8/15/2012 12:47:33 AM | Computer Name = FQPR695O9NQJI | Source = CaslWmi | ID = 5
Description = 2012/08/14 21:47:33.201|00000A1C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 8/15/2012 12:47:33 AM | Computer Name = FQPR695O9NQJI | Source = CaslWmi | ID = 5
Description = 2012/08/14 21:47:33.637|00000A1C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/24/2012 5:46:56 PM | Computer Name = Linda-HP | Source = CaslWmi | ID = 5
Description = 2012/12/24 16:46:56.933|000013E0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/24/2012 5:46:57 PM | Computer Name = Linda-HP | Source = CaslSmBios | ID = 5
Description = 2012/12/24 16:46:57.385|000013E0|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
attempting to parse year 0, month 0, day 0: Year, Month, and Day parameters describe
an un-representable DateTime.

Error - 12/24/2012 5:46:59 PM | Computer Name = Linda-HP | Source = CaslWmi | ID = 5
Description = 2012/12/24 16:46:59.248|000010CC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/24/2012 5:51:55 PM | Computer Name = Linda-HP | Source = CaslWmi | ID = 5
Description = 2012/12/24 16:51:55.913|00001058|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/25/2012 8:27:31 PM | Computer Name = Linda-HP | Source = CaslWmi | ID = 5
Description = 2012/12/25 19:27:31.689|000011D0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/25/2012 8:29:19 PM | Computer Name = Linda-HP | Source = CaslWmi | ID = 5
Description = 2012/12/25 19:29:19.351|00000690|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

< End of report >

Dakeyras

2014-01-09, 15:26

Hi. :)

Again, thank you for your quick response!
You're welcome!

The computer seems to be running well.
Good.

The only thing a little strange is a while ago the icons on the desktop became much smaller out of the blue. I have never been able to get them back to normal size. I am not sure if that is a malware or if my parents inadvertently did something.
Hmm I doubt it is malware related, OK try the following:-

Right-Click anywhere on the Desktop >> View >> select the option(icon size you wish) IE: Large, Medium or Small.

You can also use the scroll wheel on your mouse to resize desktop icons. Click on and hold the Ctrl key while you scroll the wheel to make the icons larger or smaller.

I have to break this up. I received an error saying the test was too long and the file size too big.
Not a problem.

Next:

Please move the executable for OTL to the desktop, it is currently located here in your downloads folder:-

C:\Users\Linda\Downloads\OTL.exe

For interest sake a quick easy way to change the download location for future reference to the desktop as follows(to change back to the default downloads folder is the reverse of the procedure):-

For Internet Explorer:-

Launch the browser >> click on the Gear icon in the upper left hand corner of the window >> View downloads
In the View Downloads - Windows Internet Explorer window that has now appeared >> click on Options
Now in the Download Options window that has now appeared >> click on the Browse... tab >>
The Select a default destination folder for your downloads window should now have appeared >> click on Desktop >> Select Folder >> OK >> Close

For Mozilla Firefox:-

Launch the browser >> click on Tools >> Options >> ensure the General tab is selected
Under the Downloads heading >> click on the Browse... tab >> when the Choose Download Folder appears
Click on Desktop >> Select Folder >> OK

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outline in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution (http://support.microsoft.com/kb/2719662)

I advice you download and run the Disable Windows Sidebar and Gadgets Fixti (http://download.microsoft.com/download/E/2/3/E23783A8-6602-48C9-81A7-3B512F6E938B/MicrosoftFixit50906.msi)t utility to rectify this.

Note: Ensure you reboot your machine if not prompted to do so before proceeding any further.

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\S-1-5-21-294371208-3097446141-2468538785-1001\..\SearchScopes\{F0E6E776-6120-4575-B43C-E853E580061B}: "URL" = http://search.findwide.com/serp?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&action=default_search&serpv=22&k={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "FindWide"
[2013/02/07 14:56:28 | 000,001,467 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober-1953977777.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
@Alternate Data Stream - 351 bytes -> C:\ProgramData\Temp:C6BC11FD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:737160C1

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"=-

:Files
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:Commands
[ResetHosts]
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The log-file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware (http://downloads.malwarebytes.org/mbam-download-standalone-random.php) to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
At the end, be sure a check-mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered ?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

felhet

2014-01-10, 02:39

OK, I did what you said, thank you!

Everything looks good so far. Definitely much better!

OTL:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-294371208-3097446141-2468538785-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F0E6E776-6120-4575-B43C-E853E580061B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0E6E776-6120-4575-B43C-E853E580061B}\ not found.
Prefs.js: "FindWide" removed from browser.search.defaultenginename
C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober-1953977777.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\Temp:C6BC11FD deleted successfully.
ADS C:\ProgramData\Temp:BE40C8A2 deleted successfully.
ADS C:\ProgramData\Temp:737160C1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Linda
->Temp folder emptied: 1358780690 bytes
->Temporary Internet Files folder emptied: 270607283 bytes
->FireFox cache emptied: 21969099 bytes
->Google Chrome cache emptied: 388527064 bytes
->Flash cache emptied: 87575 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 374947657 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 2322 bytes

Total Files Cleaned = 2,303.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01092014_191402

Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

felhet

2014-01-10, 02:40

Mbam log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Linda :: LINDA-HP [administrator]

1/9/2014 7:23:07 PM
mbam-log-2014-01-09 (19-23-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208931
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={73D1392E-2602-4038-8E32-E44A1E0B362B}&serpv=22) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Linda\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

(end)

Dakeyras

2014-01-10, 10:51

Hi. :)

Everything looks good so far. Definitely much better!
Good.

TFC(Temp File Cleaner):

Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to the desktop,
Save any unsaved work. TFC will close all open application windows.
Right-click on TFC.exe and select Run as Administrator to run the program.
Click the Start button in the bottom left of the GUI(graphical user interface)'
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here (http://www.eset.com/online-scanner-popup/) to run the scan...

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the log file located at C:\Program Files (x86)/ESET/ESET Online Scanner/log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed then run it say once per month as a extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.

felhet

2014-01-13, 00:00

OK, so I ran the TFC and ESET. Below is the ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56d8557de55ffa4f85efb8be58e52ee3
# engine=16610
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-11 01:50:53
# local_time=2014-01-11 08:50:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 95 26419372 151954838 0 0
# compatibility_mode=5893 16776573 100 94 0 140991703 0 0
# scanned=139554
# found=1
# cleaned=0
# scan_time=44323
sh=61DEA641846E5DB2DD372FF047C96A04AE76132A ft=1 fh=44c4be7ead15d39a vn="multiple threats" ac=I fn="C:\ProgramData\Oberon Media\Initiator\3.0.0.0\cache\ecfc00c1e170c5eb589cfad3e811682243c4c619\mumbojumbo_en_toolbar_3.2.0.46.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56d8557de55ffa4f85efb8be58e52ee3
# engine=16616
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-11 05:41:15
# local_time=2014-01-11 12:41:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 95 26436794 151968660 0 0
# compatibility_mode=5893 16776573 100 94 0 141005525 0 0
# scanned=259367
# found=11
# cleaned=0
# scan_time=13754
sh=61DEA641846E5DB2DD372FF047C96A04AE76132A ft=1 fh=44c4be7ead15d39a vn="multiple threats" ac=I fn="C:\ProgramData\Oberon Media\Initiator\3.0.0.0\cache\ecfc00c1e170c5eb589cfad3e811682243c4c619\mumbojumbo_en_toolbar_3.2.0.46.exe"
sh=0AF40F48A4B7E29A3D1760C373CA23FD064EA311 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B application" ac=I fn="C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0\background.js"
sh=B93E468AC11A1019073C09409377960E8D28FA7F ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B application" ac=I fn="C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0\content.js"
sh=167A4D4B879724B84B8AB0131B77C8BA7EC38789 ft=1 fh=323706c69001ead8 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\mysteryofsharkisland-setup(1).exe"
sh=167A4D4B879724B84B8AB0131B77C8BA7EC38789 ft=1 fh=323706c69001ead8 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\mysteryofsharkisland-setup(2).exe"
sh=167A4D4B879724B84B8AB0131B77C8BA7EC38789 ft=1 fh=323706c69001ead8 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\mysteryofsharkisland-setup(3).exe"
sh=167A4D4B879724B84B8AB0131B77C8BA7EC38789 ft=1 fh=323706c69001ead8 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\mysteryofsharkisland-setup(4).exe"
sh=167A4D4B879724B84B8AB0131B77C8BA7EC38789 ft=1 fh=323706c69001ead8 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\mysteryofsharkisland-setup.exe"
sh=5B4E69F6FB3034D70186BFC7AEF22FE6134313AD ft=1 fh=6cfda5acdd1d5989 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(1).exe"
sh=5B4E69F6FB3034D70186BFC7AEF22FE6134313AD ft=1 fh=6cfda5acdd1d5989 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(2).exe"
sh=5B4E69F6FB3034D70186BFC7AEF22FE6134313AD ft=1 fh=6cfda5acdd1d5989 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup.exe"

Dakeyras

2014-01-13, 10:51

Hi. :)

OK, so I ran the TFC and ESET. Below is the ESET log
Good, a few things to address and we can check for some software updates also as follows...

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(1).exe
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(2).exe
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(3).exe
C:\Users\Linda\Downloads\mysteryofsharkisland-setup(4).exe
C:\Users\Linda\Downloads\mysteryofsharkisland-setup.exe
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(1).exe
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup(2).exe
C:\Users\Linda\Downloads\ritajamesandtheracetoshangrila-setup.exe
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkopijddpkmggacdghppacglggodkcod
C:\ProgramData\Oberon Media\Initiator\3.0.0.0\cache\ecfc00c1e170c5eb589cfad3e811682243c4c619\mumbojumbo_en_toolbar_3.2.0.46.exe

:Commands
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Software Update check:

Download and install FileHippo Update Checker from here (http://www.filehippo.com/updatechecker/).
Once installed(during the installation process deselect the option:- Run at Startup >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Uninstall a program or Programs and Features in the Control Panel.
Re-install the updated software, delete the installers and then empty the Recycle Bin.
When completed the above let myself know and if any further issues remaining. Plus post the contents of the OTL Log from the Custom Script, thank you.

Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

felhet

2014-01-16, 02:16

Hi, I am not sure what happened, but I turned the computer back on the other day and it first came up with an error at startup. it said something like, no boot disk press any button to continue.

I had to do a hard reset on the computer. It started back up just fine, but now my mouse is not working. I can move it around the screen, but clicking does nothing, and sometimes it won't register anything when I hover above a link.

I had to use the windows button, tab, shift tab, arrow keys, and the enter button to get anywhere.

Dakeyras

2014-01-16, 10:26

Hi. :)

Did this occur after running the Custom OTL Script in post #14 (http://forums.spybot.info/showthread.php?70000-Something-Redirecting-Internet-Browser&p=449035&viewfull=1#post449035) ? Of after updating some software ? If the latter which software was updated...

felhet

2014-01-17, 01:36

Actually, I have not had a chance to run the script yet. I went to turn the computer on to run the script and this happened. It seemed to be running fine for a few days.

Dakeyras

2014-01-17, 10:42

Hi. :)

OK try the below first as follows...

Windows 7 LKGC:

Start-up(or reboot) your computer and during the POST(Power On Self Test) sequence continually depress Function Key 8(F8) to bring up the Advanced Boot Options screen.

Use the arrow keys to scroll down and select Last Know Good Configuration (advanced) and hit the Enter/Return key.

Your machine should now automatically reboot back into Normal Mode. Check if the problem is now resolved, if not proceed to the below.

Invoke a System Restore Point:

Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> System Restore

Once the System Restore Window has loaded >> click on Next> >> click once on the most recent Restore Point to highlight >> Next> >> Finish

Your machine will now begin the System Restore process and will automatically reboot.

Next:

Let myself know if either of the above resolved the problem in your next reply please.

felhet

2014-01-18, 03:27

OK, so I tried the first suggestion and it did not seem to do much, but I think the right mouse button started working. I tried the system restore and restored it to the earliest point and nothing changed.

Right now I can move the mouse using the track pad and I can right click. Left click does not work and when I hover over an icon nothing happens i.e. the file name, type, date etc. does not popup.

Dakeyras

2014-01-18, 22:23

Hi. :)

The problem may be hardware related but we can change a few settings/check the driver...also we may have to perform some of the prior malware removal process again but that should not be a problem.

Next:

Note: If you have access to a PS/2 Mouse, feel free to connect it to your laptop to carry out the below.

Click on Start(Windows 7 Orb) >> Control Panel >> Mouse >> the Mouse Properties window will open.

Select the option Switch primary and secondary buttons >> Apply >> OK <-- You will have to use the right button now to do so.

Then undo the changes(using the right button). Is the left mouse button now working ? If it is not, open the Mouse Properties window again...

And click on the Hardware tab >> next to Device status if This device is working properly is not denoted, click on the Properties tab >> Driver

Now click on Update Driver... >> follow the prompts etc.

Next:

Let myself know the outcome in your next reply please.

felhet

2014-01-19, 17:24

Hi, :)

That did not really help. Switching the buttons really did not do much. I tried keeping it in left handed mode for a minute and the right button sort of worked as the left. I switched back and now the right button acts as a right click, but it strangely enough deselects a window making it inactive if you right click. The mouse properties also said the device was working properly. There was also a button to restore it to default and I tried that too. No luck.

felhet

2014-01-20, 01:29

I thought about reformatting the computer or wiping it back to the original settings. What is the easiest way to something like that?

Dakeyras

2014-01-20, 10:36

Hi. :)

I'm afraid it sounds very much like a hardware problem with the laptops actual inbuilt mouse/track-pad and keys. Not a lot I can advise about that apart from taking the machine to a local IT Repair Centre.

I thought about reformatting the computer or wiping it back to the original settings. What is the easiest way to something like that?
The problem with the mouse would still remain, do you have a PS/2 Mouse you can connect and that way can at least continue with the malware removal process before you have the inbuilt mouse repaired.

felhet

2014-01-21, 03:11

ok, so I plugged in a USB mouse and that works. Should I go back to system restore and revert back to the most recent restore point? or do I stay where I am?

Dakeyras

2014-01-21, 11:01

Hi. :)

I plugged in a USB mouse and that works.
Good.

Should I go back to system restore and revert back to the most recent restore point? or do I stay where I am?
No need at this time and we will merely perform a few prior checks/scans again as follows...

Go back to post #9 (http://forums.spybot.info/showthread.php?70000-Something-Redirecting-Internet-Browser&p=448912&viewfull=1#post448912)(this should be the system restore point you invoked last time).

Complete all the prior instructions again and in turn post the requested logs(OTL Log from the Custom Script and Malwarebytes Anti-Malware Log).

Dakeyras

2014-01-24, 14:09

Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
-----------------------------
Edit
New topic: http://forums.spybot.info/showthread.php?70086-Last-Thread-Closed-Before-I-was-Finished-Browser-Redirected