# hijacked by websearch good results to start with



## kbmccarthy (Sep 12, 2010)

I have been hijacked by websearch good results, and there are windows that pop up randomly with ads or "congratulations you are a winner", and response time has been extremely slow. I was unable to download the gmer index file; I kept getting a file not found error. The other logs are pasted below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:56 PM, on 2/22/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Users\Kimmy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: SaveAs - {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Search-NewTab - {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16215 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by Kimmy at 23:02:47 on 2013-02-22
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3998.2167 [GMT -6:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\BetterSoft\SaveAs\SaveAs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SaveAs: {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: Search-NewTab: {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Kimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 68.114.37.166 68.113.206.10 24.217.0.5
TCP: Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9} : DHCPNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\npLMI64.dll
FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-29 09:58; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
FF - ExtSQL: 2013-01-29 10:01; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
FF - ExtSQL: 2013-02-10 16:55; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-02-10 16:57; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
FF - ExtSQL: 2013-02-18 18:08; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-02-17 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-04-06 18:31; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-02-10 16:55; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.autoDisableScopes, 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e816e11f000000000000002100f8486d&q=
FF - user.js: extensions.BabylonToolbar.id - e816e11f000000000000002100f8486d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15668
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.811:14:31
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 228768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2013-1-22 335288]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 30520]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-7-15 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-18 89920]
SUnknown NisSrv;NisSrv; [x]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-19 09:17:48 70004024 ----a-w- C:\Windows\System32\mrt.exe
2013-02-19 00:13:50 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-19 00:13:49 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 15:35:51 49872 ----a-w- C:\Windows\System32\drivers\paqqwtro.sys
2013-01-22 19:53:32 335288 ----a-w- C:\Windows\System32\drivers\acedrv11.sys
2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll
2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll
2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-04 11:31:10 1417576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 02:23:07 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 23:03:49.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2009 12:56:44 PM
System Uptime: 2/22/2013 9:20:06 PM (2 hours ago)
.
Motherboard: Quanta | | 3602
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 800/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 150.703 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.964 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Agere Systems HDA Modem
Apple Application Support
Apple Software Update
Ask Toolbar
Auslogics BoostSpeed
Auslogics Registry Cleaner
Body Spectrum
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C4600
CCleaner
Compatibility Pack for the 2007 Office system
Corel OCR-Trace
CyberLink DVD Suite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Drakensang
EA Download Manager
ESU for Microsoft Vista
FloorPlan 3D v8
Foldit
GIMP 2.6.7
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 14.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photo Creations
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Total Care Advisor
HP Update
HP User Guides 0128
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
IDT Audio
iLivid
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Juno Preloader
LabelPrint
LeapFrog Connect
LeapFrog Tag Plugin
LightScribe System Software 1.14.17.1
MarketResearch
McAfee Security Scan Plus
Media Player
Media Player Packages
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2000 Premium
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetZero Preloader
OverDrive Media Console
Photo Pos Pro
PhotoScape
Picasa 3
Pivot Stickfigure Animator
Power2Go
PowerDirector
ProtectDisc Driver, Version 11
ProtectSmart Hard Drive Protection
PS_AIO_05_C4600_Software_Min
Punch! Professional Home Design - Platinum
QuickTime
QuickTransfer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
SAMSUNG Intelli-studio
SaveAs
SaveAs 1.74
Scan
Search-NewTab
Search Assistant WebSearch 1.74
SearchCore for Browsers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype 5.10
Slingbox - Watch Your TV Anywhere
SlingPlayer
SmartWebPrinting
Software Version Updater
SolutionCenter
SPORE Creature Creator Trial Edition
StartNow Toolbar
Status
Sweet Home 3D version 3.2
swMSM
Synaptics Pointing Device Driver
The Sims 2 Family Fun Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims 2 Apartment Life
The Sims 2 Bon Voyage
The Sims 2 Double Deluxe
The Sims 2 H&M® Fashion Stuff
The Sims 2 Kitchen & Bath Interior Design Stuff
The Sims 2 Seasons
The Sims 2 Teen Style Stuff
Toolbox
Total 3D Home Deluxe
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
WebReg
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

Please run these two scans and post the logs:

*SCAN 1*
Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading, click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter*, then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:

You will then see the screen below. Click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report; copy & paste it into your next post.

*SCAN 2*
Download RogueKiller (by tigzy) and save it directly to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under the "Report" tab.
Click on Scan.
Click on Report when complete. Copy the contents of the report and paste them into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## kbmccarthy (Sep 12, 2010)

Unable to download and run the rogue killer.

# AdwCleaner v2.113 - Logfile created 02/23/2013 at 22:01:26
# Updated 23/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\SaveAs
Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\BetterSoft
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab
Deleted on reboot : C:\ProgramData\SaveAs
Deleted on reboot : C:\ProgramData\Search-NewTab
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Kimmy\AppData\Local\Coupon Companion Plugin
Deleted on reboot : C:\Users\Kimmy\AppData\Local\Ilivid
Deleted on reboot : C:\Users\Kimmy\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\Kimmy\AppData\Local\SwvUpdater
Deleted on reboot : C:\Users\Kimmy\AppData\Local\Temp\CT3272718
Deleted on reboot : C:\Users\Kimmy\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Kimmy\Desktop\iLivid.lnk
File Deleted : C:\Windows\Tasks\AmiUpdXp.job

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\saveas\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\search~1\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchCore for Browsers
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\SearchCore for Browsers
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B74F7D95-7A98-8A0F-7A09-C50747EEC081}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B74F7D95-7A98-8A0F-7A09-C50747EEC081}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKU\S-1-5-21-2196127602-2517890934-2989324103-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("keyword.URL", "hxxp://search.startnow.com/s/?src=addrbar&provider=&provider_name=startnow[...]

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "e816e11f000000000000002100f8486d");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:14:31");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "pos.startnow.com");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : icon_url = "hxxp://www.startnow.com/startnow/images/sn_favicon.ico",
Deleted [l.26] : search_url = "hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_[...]
Deleted [l.107] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provide[...]

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.444] : homepage = "hxxp://search.conduit.com/?CUI=UN18525397971864171&ctid=CT3272718&SearchSource=48",

*************************

AdwCleaner[S1].txt - [19815 octets] - [23/02/2013 22:01:26]

########## EOF - C:\AdwCleaner[S1].txt - [19876 octets] ##########


----------



## Mark1956 (May 7, 2011)

How is the system running now?

What happened when you clicked the button on the website to download RogueKiller?


----------



## kbmccarthy (Sep 12, 2010)

The screen shots would not paste so here is an attachment that I pasted the screen shots to.


----------



## Mark1956 (May 7, 2011)

That does not tell me much. When you clicked on the button to download the appropriate bit rate of RK, what happened next?

You didn't answer this:


> How is the system running now?


----------



## kbmccarthy (Sep 12, 2010)

The hijacker is still on board.
The RK downloads 10.8 KB of data, but when I try to open it I get 
<!doctype html>

Download RogueKiller (Official website)

*Tigzy's website*

*... about Malware analysis*

Home

Tools 1
TaskSTRun
RogueKiller
WIGI
Cryptonic
ForceHide 

Tools 2
LogAnalyzer
mbrAnalyser 
MD5Look 
VTUploaderZ
AdwProtector

Tools 3
ProtectMyTool
DiffView

Publications
[Blog] API Monitor
[Blog FR] Like Hijacks
[Blog FR] 01 Monetization
[Blog] Chronicles of a PE Infector
[Blog] Win32.Symmi - decryption 

Contact






*RogueKiller :*

Build 32 bits (x86) :

64 bits (x64) :

Tutorial : Please look at this link for a detailed user guide

Description : RogueKiller is a program written in C++ and able to :


Kill malicious processes
Stop malicious services
Unload malicious DLLs from processes
Kill malicious hidden processes
Find and remove malicious autostart entries, including : 
Registry keys (RUN/RUNONCE, ...)
Tasks (Scheduler 1.0/2.0)
Startup folders

Hijack entries, including :
Shell / Load entries
Extension association hijacks
DLL hijacks
Many, many others ...

Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type "Fake HDD"
Read / Fix malicious Master Boot Record (MBR) -- Even hidden by rootkit 
List / Fix SSDT - Shadow SSDT - IRP Hooks (Even with inline hooks)
Find and restore system files patched / faked by a rootkit

Also able to remove lots of actual infections, including ZeroAccess, TDSS, all rogues, and many Ransomwares.
Detections are Blacklist/Whitelist based or Heuristic based

*RogueKiller is available in the following languages : *


French
English
Chinese
Czech
German
Greek
Italian
Dutch
Portuguese
Russian
Spanish
Slovak






*Links*


RogueKiller
TigzyRK BlogSpot

*Social Networks*

RogueKiller's page
@tigzyRK
Tigzy on Youtube
TigzyRK Blogspot


----------



## Mark1956 (May 7, 2011)

RogueKiller is close to 800KB so clearly something is blocking it.

Let's try this. Download and run RKill as instructed below and post the log from it. Then, before you reboot the system, try to run RogueKiller again. If it still fails, delete the icon on your desktop, download it again and give it another try.

Please download RKill.
There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. Please post this in your next reply.
If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
If the tool does not run from any of the links provided, please let me know.
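
The symptom discussed above (a tool of roughly 800KB arriving as a 10.8 KB file that opens as an HTML page) can be confirmed from the file's first bytes. This Python check is an added example, not part of the thread or of RogueKiller; the function names, the half-size threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64"}


def classify_download(data):
    """Return 'pe-x86', 'pe-x64', 'pe-other', 'html' or 'unknown' for file bytes."""
    # Skip a UTF-8 BOM and leading whitespace before sniffing for HTML.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE header) at 0x3C.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and e_lfanew + 6 <= len(data):
            # The COFF header follows the signature; its first field is Machine.
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            return "pe-" + MACHINES.get(machine, "other")
    return "unknown"


def assess(data, want_arch, expected_size):
    """Return (kind, problems) for a download that should be a want_arch executable."""
    kind = classify_download(data)
    problems = []
    if kind == "html":
        problems.append("file is an HTML page, not a program")
    elif not kind.startswith("pe-"):
        problems.append("file is not a Windows executable")
    elif kind != "pe-" + want_arch:
        problems.append(f"build is {kind[3:]}, wanted {want_arch}")
    # Assumed threshold: anything under half the expected size is suspicious.
    if len(data) < expected_size // 2:
        problems.append(f"size {len(data)} bytes is far below the expected ~{expected_size}")
    return kind, problems


def sample_pe(machine, size):
    """Constructed sample: a minimal DOS + PE/COFF header padded to `size` bytes."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    header = bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)
    return header.ljust(size, b"\0")


# Constructed sample: an HTML page saved under the tool's name, about 10.8 KB.
SAMPLE_HTML = (b"<!doctype html>\n<title>Download RogueKiller (Official website)"
               b"</title>\n").ljust(11059, b" ")
EXPECTED = 800 * 1024  # "close to 800KB", as stated in the thread

if __name__ == "__main__":
    for label, blob in (("saved page", SAMPLE_HTML),
                        ("x64 build", sample_pe(0x8664, EXPECTED)),
                        ("x86 build", sample_pe(0x014C, EXPECTED))):
        print(label, assess(blob, "x64", EXPECTED))
```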


----------



## kbmccarthy (Sep 12, 2010)

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/27/2013 04:02:26 PM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 02/27/2013 04:02:42 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


----------



## Mark1956 (May 7, 2011)

Try to download RogueKiller from this page, which uses a different download address. This page is in French and is the original page for the tool. Just scroll down and find the two blue download buttons, and choose the button with X64 next to it.

http://www.sur-la-toile.com/RogueKiller/


----------



## kbmccarthy (Sep 12, 2010)

There was no c:\rkill.log, but this posted on the desktop

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Kimmy [Admin rights]
Mode : Scan -- Date : 02/28/2013 11:45:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] schedule!422607286.job : C:\ProgramData\BetterSoft\SaveAs\SaveAs.exe /schedule /profile "c:\programdata\bettersoft\saveas\422607286.ini" [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤


----------



## Mark1956 (May 7, 2011)

> There was no c:\rkill.log

You already sent it in post 9.

There are some items in your installed programs list that need to be removed, please uninstall these items:

SaveAs
SaveAs 1.74
Search Assistant WebSearch 1.74

Please complete the uninstalls before running the other scans requested below.

RogueKiller only shows one suspect entry, 'Bettersoft', but it is probably not related to the hijack. ADWCleaner had removed an item that is related to 'Bettersoft', so we need to delete what RogueKiller found.

Going back to the ADWCleaner log, it showed it replaced the Start Page in IE and changed it to Google.

 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com

In view of this please run ADWCleaner again and post the new log, then also tell me if the start page has changed or not.

Please also run RogueKiller again. When the prescan completes, hit the Scan button; when that completes, hit the Delete button, then the Report button, and post the new log.


----------



## kbmccarthy (Sep 12, 2010)

I don't use IE, but the home page for Mozilla changed and I have a few other issues occurring. This message is appearing when Windows opens

And a blank notepad will open randomly.
Here is the first log.

# AdwCleaner v2.113 - Logfile created 03/01/2013 at 09:58:17
# Updated 23/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab
Deleted on reboot : C:\ProgramData\SaveAs
Deleted on reboot : C:\ProgramData\Search-NewTab
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 22:01:26]
AdwCleaner[S2].txt - [5712 octets] - [01/03/2013 09:58:17]

########## EOF - C:\AdwCleaner[S2].txt - [5772 octets] ##########


----------



## kbmccarthy (Sep 12, 2010)

This is the new home page address
http://mysearch.avg.com/?cid={FA334C9F-8D6C-4BD1-BF0A-5C0FF91EC779}&mid=bc0ab380b41b47d38ab8d1572e3e169f-373060048fc75a44511342617ee985fad3c3dccb&lang=en&ds=co011&pr=sa&d=2013-02-28%2018:39:23&v=14.2.0.1&pid=safeguard&sg=1&sap=hp

Here is the RK Report

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Kimmy [Admin rights]
Mode : Remove -- Date : 03/01/2013 10:31:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
--- User ---
[MBR] 87abe94673dd6562cf165508139d48cc
[BSP] 65c9d9f88ecd587e1ce2c1fe940b9235 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 292471 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598982656 | Size: 12770 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03012013_02d1031.txt >>
RKreport[1]_S_03012013_02d1028.txt ; RKreport[2]_D_03012013_02d1031.txt


----------



## Mark1956 (May 7, 2011)

> I don't use IE, but the home page for Mozilla changed and I have a few other issues occurring. This message is appearing when Windows opens


 You have not posted what appears when Windows opens and you stated there are a few other issues but only mentioned Notepad. Please list all the issues.

ADWCleaner has found quite a few more items and removed this from Mozilla under your profile:

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Has it changed? If not please run ADWCleaner again and post the new log.

If there is still no change look at the Add-ons under Tools and delete anything related to AVG. 
Also look under Tools, Options and select the General tab and click on return to Default for the home page.


----------



## kbmccarthy (Sep 12, 2010)

When I restart I get this error

Microsoft Security Client
An error has occurred in the program during initialization. If this problem continues, please contact your system administrator
Error code: 0x80070002

My home page was Google
now the home page is: http://mysearch.avg.com/?cid={FA334C9F-8D6C-4BD1-BF0A-5C0FF91EC779}&mid=bc0ab380b41b47d38ab8d1572e3e169f-373060048fc75a44511342617ee985fad3c3dccb&lang=en&ds=co011&pr=sa&d=2013-02-28%2018:39:23&v=14.2.0.1&pid=safeguard&sg=1&sap=hp

Notepad opens randomly
Also having trouble with youtube video displays a flash player error (don't know if it is related).

All I can think of right now.

Here is the latest adw log
# AdwCleaner v2.113 - Logfile created 03/02/2013 at 00:44:34
# Updated 23/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab
Deleted on reboot : C:\ProgramData\SaveAs
Deleted on reboot : C:\ProgramData\Search-NewTab
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 22:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 09:58:17]
AdwCleaner[S3].txt - [2589 octets] - [02/03/2013 00:44:34]

########## EOF - C:\AdwCleaner[S3].txt - [2649 octets] ##########


----------



## Mark1956 (May 7, 2011)

Something is reinstalling a bunch of Adware. Please confirm that you uninstalled these items:

SaveAs
SaveAs 1.74
Search Assistant WebSearch 1.74

Please also run this and post the log:

Please download *Malwarebytes* and save it to your desktop.


*Important!!* When you save the mbam-setup file, rename it to something random (such as 123abc.exe) *before* beginning the download.
Double-click on the renamed file to install, then follow these instructions for doing a *Quick Scan* in normal mode.
Malwarebytes will automatically check for updates as soon as it is launched.
_If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues_.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to *allow* the changes.


Double click on the *Malwarebytes* icon on your desktop to launch the program
Under the *Scanner* tab, make sure the *Perform Quick Scan* option is selected.
Click on the *Scan* button.
When finished, a message box will say "_The scan completed successfully. Click *Show Results* to display all objects found_". 
*NOTE:* If no detections are found a log will automatically open in Notepad, please copy and paste the log back here and close all windows, in this case you do not need to continue.
Click *OK* to close the message box, then click the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked* and then click *Remove Selected*.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the *Logs* tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.

_If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. *Failure to reboot normally* will prevent Malwarebytes from removing all the malware._

_Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again *requires registration and purchase of a license key* that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner._
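
The conclusion that something keeps putting the adware back rests on comparing successive AdwCleaner logs: an item removed in one run should be absent from the next. The Python below is an added example, not part of the thread or of AdwCleaner; it parses the log layout shown in this thread and lists entries removed again in a following run. The function names are assumptions, and the two sample logs are constructed by trimming lines from the S2 and S3 logs above.

```python
import re

SECTION = re.compile(r"^\*{5} \[(.+)\] \*{5}$")   # e.g. ***** [Registry] *****
LINE_TAG = re.compile(r" \[l\.\d+\]$")            # Chrome entries: "Deleted [l.1]"
# Removal actions that appear in the logs posted in this thread.
ACTIONS = {"Deleted", "Deleted on reboot", "Key Deleted", "Value Deleted"}


def parse_removals(log_text):
    """Map (section, file context, item) -> display string for each removal line."""
    removed, section, context = {}, None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section, context = m.group(1), ""
            continue
        if line.startswith("File : "):            # browser profile being cleaned
            context = line[len("File : "):]
            continue
        action, sep, item = line.partition(" : ")
        if sep and section and LINE_TAG.sub("", action) in ACTIONS:
            # Windows paths and registry keys are case-insensitive.
            key = (section, context.casefold(), item.casefold())
            removed[key] = f"{section}: {item}"
    return removed


def compare_runs(runs):
    """runs: [(name, log_text), ...] in time order. Compare each run with the next."""
    parsed = [(name, parse_removals(text)) for name, text in runs]
    report = []
    for (prev_name, prev), (cur_name, cur) in zip(parsed, parsed[1:]):
        report.append({
            "previous": prev_name,
            "current": cur_name,
            # Removed before and removed again: never went away, or came back.
            "removed_again": sorted(cur[k] for k in cur.keys() & prev.keys()),
            "first_seen": sorted(cur[k] for k in cur.keys() - prev.keys()),
        })
    return report


# Constructed samples: a few lines taken from the S2 and S3 logs in this thread.
S2_LOG = r"""
***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\SaveAs

***** [Registry] *****

Key Deleted : HKLM\Software\AVG Security Toolbar

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
"""

S3_LOG = r"""
***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\SaveAs
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
"""

if __name__ == "__main__":
    for pair in compare_runs([("S2", S2_LOG), ("S3", S3_LOG)]):
        print(pair["previous"], "->", pair["current"])
        for item in pair["removed_again"]:
            print("  removed again:", item)
        for item in pair["first_seen"]:
            print("  first seen:   ", item)
```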


----------



## kbmccarthy (Sep 12, 2010)

Thought I should check in. I have Anatomy test on 3/6/13. Will get to last post this weekend
Thanks, Kim


----------



## Mark1956 (May 7, 2011)

Ok, look forward to hearing from you.


----------



## kbmccarthy (Sep 12, 2010)

I don't know how to get the log. I rebooted without making a copy and don't know how to find it.


----------



## Mark1956 (May 7, 2011)

Please confirm what I asked at the beginning of post 17.

This is how you can find the Mbam log.


Open Malwarebytes and click on the *Logs* tab.
Scroll down the list to find the relative scan dates.
Click on the entry and then click on *Open.*
Copy and paste the log into your next post.


----------



## kbmccarthy (Sep 12, 2010)

There was no listing for SaveAs, SaveAs1.74 or Search Assistant WebSearch 1 on the uninstall page.
When I ran a search these files showed up: SaveAs.exe.vir, QuarantineReport.txt and AdwCleaner[S1].txt.
Since they were not on the uninstall screen I didn't know what to do so I did nothing.

Here is the Malwarebytes log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.07.14

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kimmy :: COMPUTER [administrator]

3/7/2013 5:30:23 PM
mbam-log-2013-03-07 (17-30-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 565517
Time elapsed: 1 hour(s), 45 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6


----------



## Mark1956 (May 7, 2011)

Please check the Malwarebytes log. It shows 6 files detected at the bottom, but you missed the section that should list the detections when you copied the log.

We will have to do a search for the programs you could not find.

Please download *SystemLook* from one of the links below and save it to your Desktop.


*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*saveas*
*Websearch*
:folderfind
*saveas*
*Websearch*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## kbmccarthy (Sep 12, 2010)

Here is the log. I tried to download SystemLook from both sites and both sites gave the same error.
Error SystemLook Script required

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.07.14

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kimmy :: COMPUTER [administrator]

3/7/2013 5:30:23 PM
mbam-log-2013-03-07 (17-30-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 565517
Time elapsed: 1 hour(s), 45 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PATQ7Z2\5107f1be36f82[1].exe (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PATQ7Z2\5107f26e02cba[1].exe (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PATQ7Z2\agent_setup[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\Kimmy\AppData\Local\Temp\{B0442F3A-2A0E-40F3-A218-622C6BA70DCC}\Addons\newtab_setup.exe (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Kimmy\Downloads\PDFdownload(1).exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\Kimmy\Downloads\PDFdownload.exe (PUP.Offerware) -> Quarantined and deleted successfully.

(end)


----------



## kbmccarthy (Sep 12, 2010)

I have another question. I just bought a Samsung Galaxy Tab 2 7.0. I haven't opened the box yet, because I would like to know what to do to protect it from the start. Can you help me with that?

Thanks 
Kim


----------



## Mark1956 (May 7, 2011)

It appears that the site SystemLook comes from is offline at the moment. Click on this link SystemLook and it will download automatically, then follow the instructions I gave in post 23.


----------



## kbmccarthy (Sep 12, 2010)

Can you help me with setting up the security on my new tablet, or do I need to make a post in a separate forum? (post #25)

I will get right on the SystemLook.
Kim


----------



## kbmccarthy (Sep 12, 2010)

Here is the SystemLook Log

SystemLook 30.07.11 by jpshortstuff
Log created at 05:34 on 09/03/2013 by Kimmy
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*saveas*"
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\SaveAsRTF.api --a---- 407139 bytes [20:51 27/07/2012] [20:51 27/07/2012] 06D9D338A12A057D467BB0CE99B87008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs\SaveAs.lnk --a---- 202 bytes [15:34 29/01/2013] [15:34 29/01/2013] 1D8EE6D6A647F17F4A9FE4B9C651A61C
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SaveAs\SaveAs.lnk --a---- 202 bytes [15:34 29/01/2013] [15:34 29/01/2013] 1D8EE6D6A647F17F4A9FE4B9C651A61C
C:\Users\Kimmy\AppData\Local\Temp\SaveAs.exe.vir --a---- 348160 bytes [11:41 08/03/2013] [11:41 08/03/2013] 272AAEB4C0A05056B62995899EB9D5A8
C:\Users\Kimmy\Desktop\RK_Quarantine\SaveAs.exe.vir --a---- 348160 bytes [17:45 28/02/2013] [17:45 28/02/2013] 272AAEB4C0A05056B62995899EB9D5A8
C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\SaveAsRTF.api_NON_OPT -ra---- 406627 bytes [18:55 06/06/2011] [18:55 06/06/2011] 50AA2AD662BA2DAED30A69AA8CA72B08

Searching for "*Websearch*"
C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [20:34 16/03/2010] [11:30 26/07/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [20:34 16/03/2010] [11:30 26/07/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\websearch.gif --a---- 1137 bytes [06:42 29/12/2009] [12:23 04/08/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [06:42 29/12/2009] [12:23 04/08/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [17:29 24/12/2009] [05:55 08/07/2009] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [17:29 24/12/2009] [05:55 08/07/2009] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\websearch.gif --a---- 1137 bytes [16:32 23/07/2011] [21:49 16/03/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [16:32 23/07/2011] [21:49 16/03/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\websearch.gif --a---- 1137 bytes [19:47 28/03/2010] [00:23 15/05/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [19:47 28/03/2010] [00:23 15/05/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [16:38 23/07/2011] [00:34 12/03/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [16:38 23/07/2011] [00:34 12/03/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\websearch.gif --a---- 1137 bytes [00:20 16/02/2011] [22:42 06/02/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [00:20 16/02/2011] [22:42 06/02/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\websearch.gif --a---- 1137 bytes [01:14 09/11/2011] [05:16 26/01/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [01:14 09/11/2011] [05:16 26/01/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [20:22 28/12/2009] [11:20 02/10/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [20:22 28/12/2009] [11:20 02/10/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EA Help\websearch.gif --a---- 1137 bytes [06:25 29/12/2009] [00:35 01/11/2005] 3F27060B77FBAF2D7FBF4C0445F189EB

========== folderfind ==========

Searching for "*saveas*"
C:\ProgramData\SaveAs d------ [15:34 29/01/2013]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs d------ [15:34 29/01/2013]
C:\Users\All Users\SaveAs d------ [15:34 29/01/2013]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SaveAs d------ [15:34 29/01/2013]

Searching for "*Websearch*"
No folders found.

-= EOF =-


----------



## Mark1956 (May 7, 2011)

I was just about to edit my last post and add some more instructions and comment on the Tablet.
I know very little about tablet PCs but suspect it will come bundled with security software. If not, you should get some useful advice by posting a new thread to answer your question.

Malwarebytes has brought another bad program to my attention, Search-NewTab.

Go into Programs and Features and see if Search-NewTab is listed; if it is, uninstall it. If it isn't, please run SystemLook again and use this script.


```
:filefind
*Search-NewTab*
:folderfind
*Search-NewTab*
```
When done please run DDS again and just post the DDS.txt log. I will then put together instructions to use a tool called OTM to remove all the bad programs and toolbars.


----------



## kbmccarthy (Sep 12, 2010)

Uninstalled SearchAs. Re-ran SystemLook; here is the log.
I'm not sure what came over me, I know I should wait for your instruction before I do something.

SystemLook 30.07.11 by jpshortstuff
Log created at 06:19 on 09/03/2013 by Kimmy
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Search-NewTab*"
C:\ProgramData\Search-NewTab\data\Search-NewTab.dat --a---- 10760 bytes [16:37 14/02/2013] [16:38 14/02/2013] DEBF77C68ADD835547932EBB85AE5B1B
C:\Users\All Users\Search-NewTab\data\Search-NewTab.dat --a---- 10760 bytes [16:37 14/02/2013] [16:38 14/02/2013] DEBF77C68ADD835547932EBB85AE5B1B

========== folderfind ==========

Searching for "*Search-NewTab*"
C:\ProgramData\Search-NewTab d------ [15:37 29/01/2013]
C:\Users\All Users\Search-NewTab d------ [15:37 29/01/2013]

-= EOF =-


----------



## Mark1956 (May 7, 2011)

There was no program involved in this called SearchAs so I assume you mean SaveAs. You said earlier you could not find it. Or did you mean Search-NewTab?

Please run this and post the log produced. When complete tell me if the problem has been fixed.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe

:Files
C:\Users\Kimmy\AppData\Local\Temp\SaveAs.exe.vir
C:\Users\Kimmy\Desktop\RK_Quarantine\SaveAs.exe.vir
C:\ProgramData\SaveAs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
C:\Users\All Users\SaveAs
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SaveAs
C:\ProgramData\Search-NewTab\data\Search-NewTab.dat
C:\Users\All Users\Search-NewTab\data\Search-NewTab.dat
C:\ProgramData\Search-NewTab
C:\Users\All Users\Search-NewTab

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## kbmccarthy (Sep 12, 2010)

Mozilla Firefox opens with Google as the home page. That is what I want.
Websearch good results opens when I open a new tab.
I posted a thread about the Tablet.

Here is the log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\Kimmy\AppData\Local\Temp\SaveAs.exe.vir not found.
File/Folder C:\Users\Kimmy\Desktop\RK_Quarantine\SaveAs.exe.vir not found.
File/Folder C:\ProgramData\SaveAs not found.
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs not found.
File/Folder C:\Users\All Users\SaveAs not found.
File/Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SaveAs not found.
File/Folder C:\ProgramData\Search-NewTab\data\Search-NewTab.dat not found.
File/Folder C:\Users\All Users\Search-NewTab\data\Search-NewTab.dat not found.
File/Folder C:\ProgramData\Search-NewTab not found.
File/Folder C:\Users\All Users\Search-NewTab not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: cantstandyou

User: Default

User: Default User

User: ERBM
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kimmy
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: AppData

User: cantstandyou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ERBM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimmy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1048576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372996971 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102605968 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 15851091 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 8239339 bytes

Total Files Cleaned = 478.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 03092013_103455

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


----------



## Mark1956 (May 7, 2011)

You didn't answer this:

There was no program involved in this called SearchAs so I assume you mean SaveAs. You said earlier you could not find it. Or did you mean Search-NewTab?

None of the files we located with SystemLook were found when running OTM so we need to go in another direction.

Please run HJT again and put a check mark next to these entries if they are still there.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?...60&lg=EN&cc=US
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?...60&lg=EN&cc=US
O2 - BHO: SaveAs - {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
BHO: Search-NewTab: {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll

Be very careful to only select the entries listed above and don't miss any.
When done, click on the Fix checked button, then post the log and check for the redirect again to see if it has gone.
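Added example, not part of the original post or of HijackThis itself: a small Python check that compares a fresh HijackThis log against the entries listed above by indicator (BHO CLSID, redirect host, individual AppInit_DLLs path) rather than by whole line, so an entry that has only partly changed is still noticed. The sample log excerpt is constructed for the example, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Entries to look for, copied from the list in the post above.
WATCH_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?...60&lg=EN&cc=US
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?...60&lg=EN&cc=US
O2 - BHO: SaveAs - {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
BHO: Search-NewTab: {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
"""

# Constructed sample excerpt in HijackThis log format (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\iebho.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


def indicators(line):
    """Return the normalized indicators carried by one HijackThis line."""
    found = set()
    # BHO, toolbar and similar entries are identified by their CLSID.
    for clsid in CLSID_RE.findall(line):
        found.add(("clsid", clsid.upper()))
    # Start page / search page entries: compare on the URL host only,
    # because the query string differs between scans.
    for url in URL_RE.findall(line):
        host = urlsplit(url).hostname
        if host:
            found.add(("host", host.lower()))
    # AppInit_DLLs is one value holding several DLLs. Assumption: the
    # paths are in 8.3 short form (no embedded spaces), as in the list above.
    if "AppInit_DLLs:" in line:
        value = line.split("AppInit_DLLs:", 1)[1]
        for dll in re.split(r"[,\s]+", value.strip()):
            if dll:
                found.add(("appinit", dll.lower()))
    return found


def exact_lines(watch_text, log_text):
    """Log lines that are character-for-character identical to a watched line."""
    watched = {ln.strip() for ln in watch_text.splitlines() if ln.strip()}
    return [ln.strip() for ln in log_text.splitlines() if ln.strip() in watched]


def remaining(watch_text, log_text):
    """Map each watched indicator still present to the log lines carrying it."""
    watch = set()
    for line in watch_text.splitlines():
        watch |= indicators(line)
    hits = {}
    for line in log_text.splitlines():
        for ind in indicators(line) & watch:
            hits.setdefault(ind, []).append(line.strip())
    return hits


if __name__ == "__main__":
    print("Identical lines:")
    for ln in exact_lines(WATCH_LIST, SAMPLE_LOG):
        print("  ", ln)
    print("Watched indicators still present:")
    for (kind, value), lines in sorted(remaining(WATCH_LIST, SAMPLE_LOG).items()):
        print(f"  {kind}: {value}")
        for ln in lines:
            print("     ", ln)
```

In the sample, a line-by-line comparison finds only the `(no file)` BHO, while the indicator comparison also reports the `iebho.dll` path that is still loaded through AppInit_DLLs even though the rest of that value has changed.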


----------



## kbmccarthy (Sep 12, 2010)

I'm not sure, it may have been search new tab, it was early, the coffee was still brewing.

This is the only file from the HJT scan 
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
I checked it but it didn't go away.

Web search still shows up when I add a tab
This error pops up when I restart

An error has occurred in the program during initialization. If this problem continues, please contact your system administrator.
Error code: 0x80070002

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:46 PM, on 3/9/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Users\Kimmy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\iebho.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14890 bytes


----------



## Mark1956 (May 7, 2011)

This is giving us the runaround. Follow the instructions below to run a scan and post the log from OTL; this is similar to DDS but produces a much larger and more detailed log.

Was this the full error message: "An error has occurred in the program during initialization. If this problem continues, please contact your system administrator. Error code: 0x80070002"? Did it not mention what program was causing the problem?


Download *OTL* to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them with your next reply.


----------



## kbmccarthy (Sep 12, 2010)

I guess you could say the title of the box is Microsoft Security Client, but the actual error does not mention a program.

Here are the logs

OTL logfile created on: 3/9/2013 10:21:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimmy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 66.18% Memory free
8.02 Gb Paging File | 6.48 Gb Available in Paging File | 80.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 153.34 Gb Free Space | 53.69% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.96 Gb Free Space | 15.75% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Kimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kimmy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:*64bit:* - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (FlyUsb) -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys (LeapFrog)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:*64bit:* - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:*64bit:* - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:*64bit:* - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:*64bit:* - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:*64bit:* - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:*64bit:* - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc
IE - HKCU\..\SearchScopes\{9030DCAB-1770-8285-CB79-C4B3FE96F973}: "URL" = http://pos.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z112&partner_id=359&product_id=712&affiliate_id=&channel=PhotoPosPro_DC&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110816&user_guid=28539A0EB56A420CAD2343FF6166C3FF&machine_id=a7a0b83b46f7e6ac26592e2fad9c130c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/02/17 03:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 17:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 21:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 21:21:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 17:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 21:22:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 21:21:53 | 000,000,000 | ---D | M]

[2011/10/01 08:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions
[2013/01/19 06:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/02/23 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions
[2011/02/23 19:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/13 14:02:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/19 11:53:16 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/02/13 18:45:09 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2012/12/12 19:35:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/30 23:51:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected](96).com
[2013/02/13 18:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\chrome
[2013/02/13 18:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\locale
[2013/02/13 18:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\skin
[2013/02/18 18:18:52 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\extensions\[email protected]
[2011/08/16 10:34:32 | 000,002,298 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\bing-zugo.xml
[2013/02/18 18:08:52 | 000,001,635 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\firefox-add-ons.xml
[2013/03/07 21:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 21:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 21:22:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/07 21:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/07 21:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/07 21:22:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012/07/27 14:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/01/13 19:07:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/01/13 19:07:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/01/13 19:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/01/13 19:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/01/13 19:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2013/01/13 19:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2013/01/13 19:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
[2013/02/01 12:22:13 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/02/01 12:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/02/01 12:22:13 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/02/01 12:22:13 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/28 18:39:28 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 00:17:22 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 12:22:13 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/02/01 12:22:13 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcmfbdcpjoegfdiffmoakiepfgcgjp\1\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjbflpfehfbecdhlodekjieohdgko\1\

O1 HOSTS File: ([2013/03/09 10:38:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\gopher - No CLSID value found
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\http\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\https\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:*64bit:* - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/09 22:14:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 10:27:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/09 10:24:55 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 16:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030713
[2013/03/07 16:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030713
[2013/03/06 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030613
[2013/03/06 19:44:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 19:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030613
[2013/03/02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search
[2013/02/28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar
[2013/02/28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/28 18:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/28 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\RK_Quarantine
[2013/02/27 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\Desktop
[2013/02/20 19:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
[2013/02/20 19:11:54 | 000,000,000 | ---D | C] -- C:\Foldit
[2013/02/19 04:22:59 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\ElevatedDiagnostics
[2013/02/19 03:04:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/19 03:04:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/19 03:04:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/19 03:04:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/19 03:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/19 03:04:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/19 03:04:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/19 03:04:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/19 03:04:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/19 03:04:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/19 03:04:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/19 03:04:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/19 03:03:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/19 03:03:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/19 03:03:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/18 17:00:28 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013/02/18 17:00:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013/02/18 17:00:21 | 004,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/18 16:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/18 16:47:52 | 000,000,000 | ---D | C] -- C:\Windows\Temp7427D97C-A3B6-B84C-77D7-8B852B5F4EB4-Signatures
[2013/02/13 23:16:39 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/13 23:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/13 23:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/13 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\Malwarebytes
[2013/02/13 22:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/13 22:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/10 17:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
[2013/02/10 16:59:56 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\CRE
[2013/02/10 16:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/02/10 16:57:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/10 16:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/10 16:57:28 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/10 16:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin

========== Files - Modified Within 30 Days ==========

[2013/03/09 22:17:57 | 005,989,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/09 22:17:57 | 002,030,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/09 22:17:57 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/09 22:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 22:13:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/09 22:11:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/09 22:11:36 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 22:11:36 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 22:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/09 22:11:15 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/09 22:08:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/09 10:24:55 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/09 06:13:43 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimmy.job
[2013/03/08 03:00:37 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/07 19:26:12 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForERBM.job
[2013/03/07 17:25:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/07 17:20:33 | 000,019,530 | ---- | M] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/02 00:45:11 | 000,003,740 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 18:40:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 18:40:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/28 18:39:08 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/23 21:58:21 | 000,594,019 | ---- | M] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 19:12:27 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/19 03:49:56 | 000,396,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 18:29:48 | 000,000,912 | ---- | M] () -- C:\Users\Kimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 18:29:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/12 09:53:27 | 000,000,680 | ---- | M] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2013/02/09 19:30:02 | 000,004,034 | ---- | M] () -- C:\Users\Kimmy\Documents\3 etext.html

========== Files Created - No Company Name ==========

[2013/03/07 17:20:33 | 000,019,530 | ---- | C] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/06 19:44:25 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 22:01:41 | 000,003,740 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 21:58:21 | 000,594,019 | ---- | C] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 19:12:27 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/18 16:50:17 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/09 19:30:00 | 000,004,034 | ---- | C] () -- C:\Users\Kimmy\Documents\3 etext.html
[2013/01/17 17:36:43 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\wklnhst.dat
[2013/01/15 18:09:44 | 000,318,399 | ---- | C] () -- C:\Users\Kimmy\2012 IRS 1098T.pdf
[2012/11/18 21:39:49 | 000,000,272 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\.backup.dm
[2011/08/30 15:54:47 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\{1706F5E0-6BD6-4068-822B-A7AFDB1F52A0}
[2011/08/16 10:40:25 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/16 10:31:52 | 000,209,306 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/08/06 13:54:02 | 000,005,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/04 20:17:25 | 000,025,153 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.0
[2011/08/04 20:17:25 | 000,019,818 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.JPG
[2011/07/02 20:46:46 | 000,000,680 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2011/06/24 20:02:26 | 000,009,216 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 23:06:32 | 000,000,732 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps64.dat
[2011/05/08 09:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 17:21:47 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/06 17:21:47 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/05 20:21:39 | 000,172,283 | ---- | C] () -- C:\Windows\hpoins36.dat

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/27 16:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Auslogics
[2011/11/06 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\eTeks
[2012/12/03 21:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Free Download Manager
[2013/01/22 13:52:21 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\McGraw-HillLicensing
[2012/12/12 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\MediaPlayerPackages
[2011/11/12 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\OverDrive
[2012/09/14 23:07:58 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\PhotoScape
[2013/01/22 13:52:49 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\ProtectDisc
[2012/08/26 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\StartNow Toolbar
[2013/01/17 17:37:44 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Template
[2011/08/16 10:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Visan
[2011/12/04 17:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Wal-Mart

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >

Extra Log

OTL Extras logfile created on: 3/9/2013 10:21:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimmy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 66.18% Memory free
8.02 Gb Paging File | 6.48 Gb Available in Paging File | 80.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 153.34 Gb Free Space | 53.69% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.96 Gb Free Space | 15.75% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Kimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 25 A1 43 30 4B D5 CB 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124545AD-1629-4D70-A4EC-3229C335E0E1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{12D8022C-ED7B-448A-95A6-B3622BDAF306}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{361FB686-CBE8-4D58-B733-F959701F94FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{530C18E3-0C96-4C6E-8867-895B8BCC9D89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{54249B15-311C-40F3-A3C6-336D66D00A17}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6BF5F2AA-C1AE-408C-9451-BD2A53DB9EE9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B78626B7-1FEA-4056-B297-C8CEFAFE9056}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B9541580-2C03-4EC5-B5C6-7C2D6C3A9BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{BC2BF741-F250-496B-8681-437C842182E7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA54165B-7A97-4BDB-8DAF-C84A16FCF8FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CC8B8BD7-5B23-452A-B6A0-DDB35206EEC0}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0297657C-C1AD-4486-B676-505F511E54CB}" = protocol=58 | dir=in | [email protected],-28545 | 
"{1708F608-5C26-496B-ADB3-F99BD3497E18}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe | 
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{22F392CA-8688-4C25-9479-29DC32A8AFA7}" = protocol=17 | dir=in | app=c:\users\kimmy\appdata\local\temp\7zs4396\hpdiagnosticcoreui.exe | 
"{28DA4ADF-C863-47D2-A9B6-D3C59A43DD90}" = protocol=1 | dir=out | [email protected],-28544 | 
"{34B4CE00-686D-4A95-B85A-B2F1BC75337D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{36CBD08A-8620-46E5-BD5D-53C8D133E428}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3A0779C5-073C-49CC-B016-AF337011FAEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{3EC8309B-4FD3-4687-94D3-4983DD5BE7E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{4151EB78-8FDF-4F4C-861E-1E6469F7E2CC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{45F47E48-5864-4BF7-AC04-3594870C7031}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{49BC5D6B-BEB2-4A0B-AF44-0273E4814AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{54B5C766-532A-4C5A-B0BA-EFED6BFE9484}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{60CD3DCB-E17B-4B64-9722-0779DD787FF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{65567896-CC1A-433C-AD44-0DADAB1EDCBA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{66820C91-AE81-4A42-A059-6D8F9B1E1D2B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{6971151B-2337-4644-93F9-BDF4488EE957}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{735FF509-9977-47C0-812C-33DFFC9C81FE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8B914D3A-F076-4D4B-9974-A1A1B05451FB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{91086E6E-934F-4481-A2E4-5134399A0D63}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{951D8CBC-6880-423E-BB2D-3D00D05585AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{99DABBC8-60E3-4811-A957-B4B0EF0E81FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9B88875C-E8B4-4307-8EE7-C6238D1E5527}" = protocol=6 | dir=in | app=c:\users\kimmy\appdata\local\temp\7zs4396\hpdiagnosticcoreui.exe | 
"{A4B10E01-0FAA-44B8-83FA-6A4E69A35497}" = protocol=58 | dir=out | [email protected],-28546 | 
"{A78973F1-CCFF-4B1C-84E0-139DD5D7F5FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B19D26E8-2A9D-4171-BA17-0DD503500BF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C18F0621-C559-4DE5-8B4F-1B3466C6E71B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{CE37BEE1-D444-4CAA-8EDF-597AD3540A7C}" = protocol=1 | dir=in | [email protected],-28543 | 
"{CFEB0373-8358-4A01-B6B5-C85BD6B33740}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{D1D884EE-96DF-4FD2-A033-5FB16D2FC054}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{D5BD83C8-5655-4F5B-94EB-219524741E28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{E147E981-B0B8-4EE1-B71B-B31D856E6AEA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{E52E75B3-C29B-45F2-9FA7-2B963BD3FB11}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F402A402-A829-4661-B6A2-AFB19CA06B73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"TCP Query User{1735FCA7-F92A-4A3C-A29B-82D9FB4CA574}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{22ED6AE4-0943-43C3-8597-F11577DFE884}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{3478E33C-15E6-45BA-86F4-8B48C7A3DED4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{AB9C9DD3-45DF-4410-AFFF-EBB2936BF6D9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{0C015569-E07E-48A5-9C5F-A27B765984D5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{58FC8D24-F5EF-400A-B875-705F93709F75}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{5DEE76BF-37E1-4840-AFB0-6AA155DEDEBA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{B0A397E7-C96F-4477-AE4D-E4ABBCE09962}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3119E881-90A3-11D4-9E17-00A0C9CA2831}" = Corel OCR-Trace
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{53F6009E-756A-4D3D-A0D3-B6D4CBEDA819}" = FloorPlan 3D v8
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63D87855-8A8D-49B9-B768-782D1E56A934}" = Body Spectrum
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Drakensang_is1" = Drakensang
"EADM" = EA Download Manager
"Foldit" = Foldit
"Google Chrome" = Google Chrome
"Home" = Total 3D Home Deluxe
"HP Photo Creations" = HP Photo Creations
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Photo Pos Pro" = Photo Pos Pro
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Punch! Professional Home Design - Platinum" = Punch! Professional Home Design - Platinum
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.7
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Media Player" = Media Player
"Media Player Packages" = Media Player Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2011 5:06:12 PM | Computer Name = Computer | Source = LoadPerf | ID = 3012
Description =

Error - 11/16/2011 5:06:12 PM | Computer Name = Computer | Source = LoadPerf | ID = 3011
Description =

Error - 11/17/2011 12:53:25 AM | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 11/17/2011 1:56:19 PM | Computer Name = Computer | Source = LoadPerf | ID = 3012
Description =

Error - 11/17/2011 1:56:19 PM | Computer Name = Computer | Source = LoadPerf | ID = 3011
Description =

Error - 11/17/2011 11:42:17 PM | Computer Name = Computer | Source = LoadPerf | ID = 3012
Description =

Error - 11/17/2011 11:42:17 PM | Computer Name = Computer | Source = LoadPerf | ID = 3011
Description =

Error - 11/18/2011 8:02:26 PM | Computer Name = Computer | Source = EventSystem | ID = 4621
Description =

Error - 11/18/2011 11:32:45 PM | Computer Name = Computer | Source = LoadPerf | ID = 3012
Description =

Error - 11/18/2011 11:32:45 PM | Computer Name = Computer | Source = LoadPerf | ID = 3011
Description =

[ System Events ]
Error - 3/9/2013 3:01:28 PM | Computer Name = Computer | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/9/2013 3:06:03 PM | Computer Name = Computer | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/9/2013 3:07:48 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7023
Description =

Error - 3/9/2013 5:43:00 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7023
Description =

Error - 3/9/2013 10:08:04 PM | Computer Name = Computer | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.115 for the Network Card with network
address 001E68DAFF6C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/9/2013 10:08:04 PM | Computer Name = Computer | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}
because another computer on the network has the same name. The server could not
start.

Error - 3/9/2013 10:08:04 PM | Computer Name = Computer | Source = netbt | ID = 4321
Description = The name "COMPUTER :20" could not be registered on the interface
with IP address 192.168.2.102. The computer with the IP address 192.168.2.115 did
not allow the name to be claimed by this computer.

Error - 3/9/2013 10:08:12 PM | Computer Name = Computer | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}
because another computer on the network has the same name. The server could not
start.

Error - 3/9/2013 11:05:55 PM | Computer Name = Computer | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.103
with the system having network hardware address 08-08-C2-FE-92-DD. Network operations
on this system may be disrupted as a result.

Error - 3/10/2013 12:11:51 AM | Computer Name = Computer | Source = Service Control Manager | ID = 7023
Description =

< End of report >


----------



## Mark1956 (May 7, 2011)

Please go into Programs & Features and uninstall the following items if they are in the list:

SearchCore for Browsers. 
Ask Toolbar 
McAfee Security Scan Plus 
AVG Secure Search and/or AVG Safeguard Toolbar

When that is complete, please follow the instructions below. When you have run the removal, post the log and tell me if the page redirect is cured and if the error box is still appearing; from your description it relates to Microsoft Security Essentials.

OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop.


Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
Under the Standard Registry box change it to All.
Check/tick the boxes beside LOP Check and Purity Check.


```
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
[2013/01/29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
[2013/03/02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search
[2013/02/28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar
[2013/02/28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:commands
[createrestorepoint]
[EMPTYTEMP]
```

Copy & Paste everything in the Code box above into the Custom Scan/Fixes box.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of the report in your next reply.


----------



## kbmccarthy (Sep 12, 2010)

SearchCore for Browsers. NOT LISTED
Ask Toolbar LISTED BUT WOULD NOT UNINSTALL. These 2 boxes popped up.

Windows Installer
The feature you are trying to use is on a network resource that is unavailable.
Click OK to try again, or enter an alternate path to a folder containing the installation package "Ask Toolbar.msi" in the box below (referring to a Browse box).

Windows Installer
The installation source for this product is not available. Verify that the source exists and that you can access it.

McAfee Security Scan Plus LISTED AND UNINSTALLED 
AVG Secure Search NOT LISTED
AVG Safeguard Toolbar LISTED BUT WILL NOT UNINSTALL

Restart still has error
New tab still redirects

Here is the log
OTL logfile created on: 3/10/2013 10:02:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimmy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.32% Memory free
8.02 Gb Paging File | 6.14 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 152.87 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.96 Gb Free Space | 15.75% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Kimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kimmy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:*64bit:* - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (FlyUsb) -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys (LeapFrog)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:*64bit:* - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:*64bit:* - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:*64bit:* - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:*64bit:* - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:*64bit:* - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:*64bit:* - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc
IE - HKCU\..\SearchScopes\{9030DCAB-1770-8285-CB79-C4B3FE96F973}: "URL" = http://pos.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z112&partner_id=359&product_id=712&affiliate_id=&channel=PhotoPosPro_DC&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110816&user_guid=28539A0EB56A420CAD2343FF6166C3FF&machine_id=a7a0b83b46f7e6ac26592e2fad9c130c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/02/17 04:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]

[2011/10/01 09:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions
[2013/01/19 07:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/02/23 23:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions
[2011/02/23 20:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/13 15:02:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/19 12:53:16 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/02/13 19:45:09 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2012/12/12 20:35:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/31 00:51:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected](96).com
[2013/02/13 19:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\chrome
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\locale
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\skin
[2013/02/18 19:18:52 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\extensions\[email protected]
[2011/08/16 11:34:32 | 000,002,298 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\bing-zugo.xml
[2013/02/18 19:08:52 | 000,001,635 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\firefox-add-ons.xml
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 22:22:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/07 22:22:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/01/13 20:07:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/01/13 20:07:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
[2013/02/01 13:22:13 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/02/01 13:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/02/01 13:22:13 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/02/01 13:22:13 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/28 19:39:28 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 01:17:22 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 13:22:13 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/02/01 13:22:13 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcmfbdcpjoegfdiffmoakiepfgcgjp\1\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjbflpfehfbecdhlodekjieohdgko\1\

O1 HOSTS File: ([2013/03/09 11:38:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\gopher - No CLSID value found
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\http\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\https\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:*64bit:* - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 04:00:36 | 000,000,000 | ---D | C] -- C:\b68d6f5c84092d30cb35604c54913a
[2013/03/09 23:14:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 11:27:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/09 11:24:55 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 17:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030713
[2013/03/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030713
[2013/03/06 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030613
[2013/03/06 20:44:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030613
[2013/03/02 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search
[2013/02/28 19:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar
[2013/02/28 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/28 19:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/28 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/28 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/28 19:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/28 12:42:17 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\RK_Quarantine
[2013/02/27 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\Desktop
[2013/02/20 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
[2013/02/20 20:11:54 | 000,000,000 | ---D | C] -- C:\Foldit
[2013/02/19 05:22:59 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\ElevatedDiagnostics
[2013/02/19 04:04:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/19 04:04:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/19 04:04:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/19 04:04:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/19 04:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/19 04:04:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/19 04:04:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/19 04:04:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/19 04:04:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/19 04:04:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/19 04:04:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/19 04:04:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/19 04:03:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/19 04:03:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/19 04:03:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/18 18:00:28 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013/02/18 18:00:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013/02/18 18:00:21 | 004,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/18 17:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/18 17:47:52 | 000,000,000 | ---D | C] -- C:\Windows\Temp7427D97C-A3B6-B84C-77D7-8B852B5F4EB4-Signatures
[2013/02/14 00:16:39 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/13 23:16:25 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\Malwarebytes
[2013/02/13 23:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/13 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/10 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
[2013/02/10 17:59:56 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\CRE
[2013/02/10 17:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/02/10 17:57:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/10 17:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/10 17:57:28 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/10 17:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin

========== Files - Modified Within 30 Days ==========

[2013/03/10 10:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 09:17:15 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 09:17:15 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 09:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 08:06:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 04:08:38 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimmy.job
[2013/03/10 04:00:42 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/10 01:17:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/09 23:17:57 | 005,989,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/09 23:17:57 | 002,030,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/09 23:17:57 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/09 23:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 23:11:15 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/09 11:24:55 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 20:26:12 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForERBM.job
[2013/03/07 18:25:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/07 18:20:33 | 000,019,530 | ---- | M] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/02 01:45:11 | 000,003,740 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 19:40:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 19:40:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/28 19:39:08 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/23 22:58:21 | 000,594,019 | ---- | M] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/19 04:49:56 | 000,396,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 19:29:48 | 000,000,912 | ---- | M] () -- C:\Users\Kimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 19:29:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/12 10:53:27 | 000,000,680 | ---- | M] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2013/02/09 20:30:02 | 000,004,034 | ---- | M] () -- C:\Users\Kimmy\Documents\3 etext.html

========== Files Created - No Company Name ==========

[2013/03/07 18:20:33 | 000,019,530 | ---- | C] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/06 20:44:25 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 23:01:41 | 000,003,740 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 22:58:21 | 000,594,019 | ---- | C] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/09 20:30:00 | 000,004,034 | ---- | C] () -- C:\Users\Kimmy\Documents\3 etext.html
[2013/01/17 18:36:43 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\wklnhst.dat
[2013/01/15 19:09:44 | 000,318,399 | ---- | C] () -- C:\Users\Kimmy\2012 IRS 1098T.pdf
[2012/11/18 22:39:49 | 000,000,272 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\.backup.dm
[2011/08/30 16:54:47 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\{1706F5E0-6BD6-4068-822B-A7AFDB1F52A0}
[2011/08/16 11:40:25 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/16 11:31:52 | 000,209,306 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/08/06 14:54:02 | 000,005,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/04 21:17:25 | 000,025,153 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.0
[2011/08/04 21:17:25 | 000,019,818 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.JPG
[2011/07/02 21:46:46 | 000,000,680 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2011/06/24 21:02:26 | 000,009,216 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 00:06:32 | 000,000,732 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps64.dat
[2011/05/08 10:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 18:21:47 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/06 18:21:47 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/05 21:21:39 | 000,172,283 | ---- | C] () -- C:\Windows\hpoins36.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/27 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Auslogics
[2011/11/06 18:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\eTeks
[2012/12/03 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Free Download Manager
[2013/01/22 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\McGraw-HillLicensing
[2012/12/12 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\MediaPlayerPackages
[2011/11/12 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\OverDrive
[2012/09/15 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\PhotoScape
[2013/01/22 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\ProtectDisc
[2012/08/26 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\StartNow Toolbar
[2013/01/17 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Template
[2011/08/16 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Visan
[2011/12/04 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Wal-Mart

========== Purity Check ==========

========== Custom Scans ==========

< :commands >
[2006/11/02 10:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 10:42:03 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 10:48:25 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/05/08 10:48:26 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 09:47:59 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/01/02 10:44:50 | 000,000,330 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForERBM.job
[2013/01/21 11:07:11 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForKimmy.job

< [EMPTYTEMP] >

< >

< :OTL >

< >

< O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. >

< IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs= ^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc >

< PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe () >

< PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe () >

< PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) >

< MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll () >

< DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) >

< FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) >
Invalid Switch: McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

< [2013/01/29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected] >
Invalid Switch: 29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]

< [2013/01/29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected] >
Invalid Switch: 29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]

< O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) >

< O4 - HKLM..\Run: [] File not found >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc) >

< O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< [2013/03/02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search >
Invalid Switch: 02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search

< [2013/02/28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar

< [2013/02/28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar

< [2013/02/28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys >
Invalid Switch: 28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

< [2013/02/28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search >
Invalid Switch: 28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

< [2013/02/28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

< [2013/02/18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus >
Invalid Switch: 18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

< [2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk >
Invalid Switch: 18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

< [2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk >
Invalid Switch: 18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >


----------



## Mark1956 (May 7, 2011)

Unfortunately, I made an error with the OTL script and it has not removed any of the files. I have edited the script; please go back and run it again. It should produce a very different-looking log showing all the items that have been moved.

The software you could not find or would not uninstall should all be taken out with OTL.


----------



## kbmccarthy (Sep 12, 2010)

OTL logfile created on: 3/10/2013 12:27:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimmy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.50% Memory free
8.03 Gb Paging File | 6.34 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 152.38 Gb Free Space | 53.35% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.96 Gb Free Space | 15.75% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Kimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kimmy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:*64bit:* - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (FlyUsb) -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys (LeapFrog)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:*64bit:* - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:*64bit:* - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:*64bit:* - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:*64bit:* - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:*64bit:* - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:*64bit:* - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc
IE - HKCU\..\SearchScopes\{9030DCAB-1770-8285-CB79-C4B3FE96F973}: "URL" = http://pos.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z112&partner_id=359&product_id=712&affiliate_id=&channel=PhotoPosPro_DC&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110816&user_guid=28539A0EB56A420CAD2343FF6166C3FF&machine_id=a7a0b83b46f7e6ac26592e2fad9c130c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/02/17 04:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]

[2011/10/01 09:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions
[2013/01/19 07:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/02/23 23:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions
[2011/02/23 20:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/13 15:02:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/19 12:53:16 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/02/13 19:45:09 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2012/12/12 20:35:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/31 00:51:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected](96).com
[2013/02/13 19:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\chrome
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\locale
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\skin
[2013/02/18 19:18:52 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\extensions\[email protected]
[2011/08/16 11:34:32 | 000,002,298 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\bing-zugo.xml
[2013/02/18 19:08:52 | 000,001,635 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\firefox-add-ons.xml
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 22:22:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/07 22:22:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/01/13 20:07:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/01/13 20:07:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
[2013/02/01 13:22:13 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/02/01 13:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/02/01 13:22:13 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/02/01 13:22:13 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/28 19:39:28 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 01:17:22 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 13:22:13 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/02/01 13:22:13 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcmfbdcpjoegfdiffmoakiepfgcgjp\1\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjbflpfehfbecdhlodekjieohdgko\1\

O1 HOSTS File: ([2013/03/09 11:38:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\gopher - No CLSID value found
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\http\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\https\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:*64bit:* - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/09 23:14:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 11:27:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/09 11:24:55 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 17:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030713
[2013/03/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030713
[2013/03/06 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030613
[2013/03/06 20:44:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030613
[2013/03/02 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search
[2013/02/28 19:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar
[2013/02/28 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/28 19:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/28 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/28 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/28 19:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/28 12:42:17 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\RK_Quarantine
[2013/02/27 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\Desktop
[2013/02/20 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
[2013/02/20 20:11:54 | 000,000,000 | ---D | C] -- C:\Foldit
[2013/02/19 05:22:59 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\ElevatedDiagnostics
[2013/02/19 04:04:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/19 04:04:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/19 04:04:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/19 04:04:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/19 04:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/19 04:04:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/19 04:04:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/19 04:04:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/19 04:04:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/19 04:04:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/19 04:04:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/19 04:04:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/19 04:03:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/19 04:03:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/19 04:03:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/18 18:00:28 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013/02/18 18:00:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013/02/18 18:00:21 | 004,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/18 17:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/18 17:47:52 | 000,000,000 | ---D | C] -- C:\Windows\Temp7427D97C-A3B6-B84C-77D7-8B852B5F4EB4-Signatures
[2013/02/14 00:16:39 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/13 23:16:25 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\Malwarebytes
[2013/02/13 23:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/13 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/10 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
[2013/02/10 17:59:56 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\CRE
[2013/02/10 17:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/02/10 17:57:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/10 17:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/10 17:57:28 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/10 17:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin

========== Files - Modified Within 30 Days ==========

[2013/03/10 12:26:50 | 006,016,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 12:26:50 | 002,040,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 12:26:50 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 12:24:22 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 12:24:22 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 12:23:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 12:23:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 12:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 10:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 10:24:25 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimmy.job
[2013/03/10 10:24:13 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 04:00:42 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/09 23:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 11:24:55 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 20:26:12 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForERBM.job
[2013/03/07 18:25:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/07 18:20:33 | 000,019,530 | ---- | M] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/02 01:45:11 | 000,003,740 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 19:40:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 19:40:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/28 19:39:08 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/23 22:58:21 | 000,594,019 | ---- | M] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/19 04:49:56 | 000,396,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 19:29:48 | 000,000,912 | ---- | M] () -- C:\Users\Kimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 19:29:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/12 10:53:27 | 000,000,680 | ---- | M] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2013/02/09 20:30:02 | 000,004,034 | ---- | M] () -- C:\Users\Kimmy\Documents\3 etext.html

========== Files Created - No Company Name ==========

[2013/03/07 18:20:33 | 000,019,530 | ---- | C] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/06 20:44:25 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 23:01:41 | 000,003,740 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 22:58:21 | 000,594,019 | ---- | C] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/09 20:30:00 | 000,004,034 | ---- | C] () -- C:\Users\Kimmy\Documents\3 etext.html
[2013/01/17 18:36:43 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\wklnhst.dat
[2013/01/15 19:09:44 | 000,318,399 | ---- | C] () -- C:\Users\Kimmy\2012 IRS 1098T.pdf
[2012/11/18 22:39:49 | 000,000,272 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\.backup.dm
[2011/08/30 16:54:47 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\{1706F5E0-6BD6-4068-822B-A7AFDB1F52A0}
[2011/08/16 11:40:25 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/16 11:31:52 | 000,209,306 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/08/06 14:54:02 | 000,005,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/04 21:17:25 | 000,025,153 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.0
[2011/08/04 21:17:25 | 000,019,818 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.JPG
[2011/07/02 21:46:46 | 000,000,680 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2011/06/24 21:02:26 | 000,009,216 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 00:06:32 | 000,000,732 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps64.dat
[2011/05/08 10:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 18:21:47 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/06 18:21:47 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/05 21:21:39 | 000,172,283 | ---- | C] () -- C:\Windows\hpoins36.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/27 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Auslogics
[2011/11/06 18:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\eTeks
[2012/12/03 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Free Download Manager
[2013/01/22 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\McGraw-HillLicensing
[2012/12/12 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\MediaPlayerPackages
[2011/11/12 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\OverDrive
[2012/09/15 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\PhotoScape
[2013/01/22 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\ProtectDisc
[2012/08/26 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\StartNow Toolbar
[2013/01/17 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Template
[2011/08/16 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Visan
[2011/12/04 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Wal-Mart

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >
[2006/11/02 10:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 10:42:03 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 10:48:25 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/05/08 10:48:26 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 09:47:59 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/01/02 10:44:50 | 000,000,330 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForERBM.job
[2013/01/21 11:07:11 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForKimmy.job

< O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. >

< IE - HKCU\..\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2462&src=kw&q={searchTerms}&locale=&apn_ptnrs= ^A3Y&apn_dtid=^YYYYYY^IZ^US&apn_uid=d91f4833-d93d-48bc-894b-04a3885139ce&apn_sauid=1B3B7595-98C9-4147-AE2F-40A851DD2DA5&atb=sysid%3D406%3Aappid%3D102%3Auc >

< PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe () >

< PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe () >

< PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) >

< MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll () >

< DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) >

< FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) >
Invalid Switch: McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

< [2013/01/29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected] >
Invalid Switch: 29 09:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]

< [2013/01/29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected] >
Invalid Switch: 29 09:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]

< O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) >

< O4 - HKLM..\Run: [] File not found >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc) >

< O20 - AppInit_DLLs: (c:\progra~1\search~1\search~1\iebho.dll) - c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) >

< [2013/03/02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search >
Invalid Switch: 02 01:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search

< [2013/02/28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar

< [2013/02/28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar

< [2013/02/28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys >
Invalid Switch: 28 18:39:18 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

< [2013/02/28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search >
Invalid Switch: 28 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

< [2013/02/28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar >
Invalid Switch: 28 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

< [2013/02/18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus >
Invalid Switch: 18 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

< [2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk >
Invalid Switch: 18 16:50:17 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

< [2013/02/18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk >
Invalid Switch: 18 16:50:17 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

< >

< :commands >

< [EMPTYTEMP] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >


----------



## Mark1956 (May 7, 2011)

There is still a problem. When you have copied the script into the box, are you hitting the Scan button or the Run Fix button? You should be hitting the Run Fix button.


----------



## kbmccarthy (Sep 12, 2010)

Nothing has changed on my end.
Here is the log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8981CA68-77D2-406C-90C1-804A6DD8D273}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8981CA68-77D2-406C-90C1-804A6DD8D273}\ not found.
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ not found.
File C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
Folder C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]\ not found.
Folder C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\ex tensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
File C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\search~1\search~1\iebho.dll deleted successfully.
c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\search~1\search~1\iebho.dll deleted successfully.
File c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\search~1\search~1\iebho.dll deleted successfully.
File c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\search~1\search~1\iebho.dll deleted successfully.
File c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found.
C:\Users\Kimmy\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
Folder C:\Program Files (x86)\AVG SafeGuard toolbar\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\ not found.
File C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk not found.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData

User: cantstandyou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ERBM
->Temp folder emptied: 3327366 bytes
->Temporary Internet Files folder emptied: 90662 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimmy
->Temp folder emptied: 3181452 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 342468583 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2514 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119826 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 333.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03102013_132030

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## Mark1956 (May 7, 2011)

This is taking some chasing down, but we will get there.

Please now run a scan with ADWCleaner using the Delete button and post the log, then run OTL using the Scan button and post that log also.


----------



## kbmccarthy (Sep 12, 2010)

Hate to be the bearer of bad news. Got a new pop-up when opening a new tab. Something about needing a flash something plug-in. If I try the link again it usually goes through.
Here are the logs:

# AdwCleaner v2.113 - Logfile created 03/10/2013 at 14:49:51
# Updated 23/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\staged
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

-\\ Google Chrome v25.0.1364.152

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2743 octets] - [10/03/2013 14:49:51]

########## EOF - C:\AdwCleaner[S4].txt - [2803 octets] ##########

OTL logfile created on: 3/10/2013 2:57:15 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kimmy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.84% Memory free
7.98 Gb Paging File | 6.07 Gb Available in Paging File | 76.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 152.66 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.96 Gb Free Space | 15.75% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Kimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kimmy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:*64bit:* - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (FlyUsb) -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys (LeapFrog)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:*64bit:* - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:*64bit:* - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:*64bit:* - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:*64bit:* - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:*64bit:* - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:*64bit:* - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{9030DCAB-1770-8285-CB79-C4B3FE96F973}: "URL" = http://pos.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z112&partner_id=359&product_id=712&affiliate_id=&channel=PhotoPosPro_DC&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110816&user_guid=28539A0EB56A420CAD2343FF6166C3FF&machine_id=a7a0b83b46f7e6ac26592e2fad9c130c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/02/17 04:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/06 18:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 22:22:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/07 22:21:53 | 000,000,000 | ---D | M]

[2011/10/01 09:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions
[2013/01/19 07:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/02/23 23:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions
[2011/02/23 20:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/13 15:02:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/19 12:53:16 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:36:17 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/29 10:38:53 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/02/13 19:45:09 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2012/12/12 20:35:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
[2013/01/31 00:51:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected](96).com
[2013/02/13 19:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\chrome
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\locale
[2013/02/13 19:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\skin
[2013/02/18 19:18:52 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\extensions\[email protected]
[2011/08/16 11:34:32 | 000,002,298 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\bing-zugo.xml
[2013/02/18 19:08:52 | 000,001,635 | ---- | M] () -- C:\Users\Kimmy\AppData\Roaming\mozilla\firefox\profiles\vjtrjvay.default\searchplugins\firefox-add-ons.xml
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 22:22:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/07 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/07 22:22:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/01/13 20:07:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/01/13 20:07:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/01/13 20:07:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2013/01/13 20:07:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
[2013/02/01 13:22:13 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/02/01 13:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/02/01 13:22:13 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/02/01 13:22:13 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/28 19:39:28 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 01:17:22 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 13:22:13 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/02/01 13:22:13 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhcmfbdcpjoegfdiffmoakiepfgcgjp\1\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: No name found = C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjbflpfehfbecdhlodekjieohdgko\1\

O1 HOSTS File: ([2013/03/09 11:38:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9}: DhcpNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\gopher - No CLSID value found
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\http\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\https\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:*64bit:* - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3623f7-2f2c-11e2-ad96-001e68daff6c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 14:54:44 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\AVG Secure Search
[2013/03/10 13:20:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/09 23:14:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 11:27:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/03/09 11:24:55 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 17:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030713
[2013/03/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030713
[2013/03/06 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\techguy030613
[2013/03/06 20:44:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\techguy030613
[2013/02/28 19:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/28 19:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/28 12:42:17 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\RK_Quarantine
[2013/02/27 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\Desktop\Desktop
[2013/02/20 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
[2013/02/20 20:11:54 | 000,000,000 | ---D | C] -- C:\Foldit
[2013/02/19 05:22:59 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\ElevatedDiagnostics
[2013/02/19 04:04:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/19 04:04:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/19 04:04:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/19 04:04:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/19 04:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/19 04:04:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/19 04:04:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/19 04:04:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/19 04:04:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/19 04:04:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/19 04:04:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/19 04:04:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/19 04:03:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/19 04:03:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/19 04:03:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/18 18:00:28 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013/02/18 18:00:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013/02/18 18:00:21 | 004,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/18 17:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/18 17:47:52 | 000,000,000 | ---D | C] -- C:\Windows\Temp7427D97C-A3B6-B84C-77D7-8B852B5F4EB4-Signatures
[2013/02/14 00:16:39 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/14 00:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/13 23:16:25 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Roaming\Malwarebytes
[2013/02/13 23:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/13 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/10 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
[2013/02/10 17:59:56 | 000,000,000 | ---D | C] -- C:\Users\Kimmy\AppData\Local\CRE
[2013/02/10 17:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/02/10 17:57:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/10 17:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/10 17:57:28 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/02/10 17:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin

========== Files - Modified Within 30 Days ==========

[2013/03/10 14:58:20 | 006,043,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 14:58:19 | 002,049,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 14:58:19 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 14:54:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 14:51:56 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:51:56 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:51:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 14:51:37 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 14:50:23 | 000,004,655 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/10 14:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 14:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 10:24:25 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimmy.job
[2013/03/10 04:00:42 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/09 23:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTL.exe
[2013/03/09 11:24:55 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Kimmy\Desktop\OTM.exe
[2013/03/07 20:26:12 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForERBM.job
[2013/03/07 18:25:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/07 18:20:33 | 000,019,530 | ---- | M] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/02/28 19:40:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 19:40:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/23 22:58:21 | 000,594,019 | ---- | M] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/19 04:49:56 | 000,396,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 19:29:48 | 000,000,912 | ---- | M] () -- C:\Users\Kimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 19:29:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/12 10:53:27 | 000,000,680 | ---- | M] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2013/02/09 20:30:02 | 000,004,034 | ---- | M] () -- C:\Users\Kimmy\Documents\3 etext.html

========== Files Created - No Company Name ==========

[2013/03/07 18:20:33 | 000,019,530 | ---- | C] () -- C:\Users\Kimmy\Desktop\techguy1.exe.htm
[2013/03/06 20:44:25 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 23:01:41 | 000,004,655 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 22:58:21 | 000,594,019 | ---- | C] () -- C:\Users\Kimmy\Desktop\adwcleaner.exe
[2013/02/20 20:12:27 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/02/09 20:30:00 | 000,004,034 | ---- | C] () -- C:\Users\Kimmy\Documents\3 etext.html
[2013/01/17 18:36:43 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\wklnhst.dat
[2013/01/15 19:09:44 | 000,318,399 | ---- | C] () -- C:\Users\Kimmy\2012 IRS 1098T.pdf
[2012/11/18 22:39:49 | 000,000,272 | ---- | C] () -- C:\Users\Kimmy\AppData\Roaming\.backup.dm
[2011/08/30 16:54:47 | 000,000,000 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\{1706F5E0-6BD6-4068-822B-A7AFDB1F52A0}
[2011/08/16 11:40:25 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/16 11:31:52 | 000,209,306 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/08/06 14:54:02 | 000,005,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/04 21:17:25 | 000,025,153 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.0
[2011/08/04 21:17:25 | 000,019,818 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\tmpDSCN0917.JPG
[2011/07/02 21:46:46 | 000,000,680 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps.dat
[2011/06/24 21:02:26 | 000,009,216 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 00:06:32 | 000,000,732 | ---- | C] () -- C:\Users\Kimmy\AppData\Local\d3d9caps64.dat
[2011/05/08 10:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 18:21:47 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/06 18:21:47 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/05 21:21:39 | 000,172,283 | ---- | C] () -- C:\Windows\hpoins36.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/27 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Auslogics
[2011/11/06 18:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\eTeks
[2012/12/03 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Free Download Manager
[2013/01/22 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\McGraw-HillLicensing
[2012/12/12 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\MediaPlayerPackages
[2011/11/12 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\OverDrive
[2012/09/15 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\PhotoScape
[2013/01/22 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\ProtectDisc
[2012/08/26 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\StartNow Toolbar
[2013/01/17 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Template
[2011/08/16 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Visan
[2011/12/04 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimmy\AppData\Roaming\Wal-Mart

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >


----------



## Mark1956 (May 7, 2011)

ADWCleaner is still showing the same bunch of Adware.

I'd like to try another couple of scans to see if they can find the malicious object that is causing this. There is obviously something in the system that keeps recreating these items and no matter what we delete they keep coming back. Good to hear the redirect has changed so there is some improvement, but we are not quite there yet.

I'd also like you to run Internet Explorer with no Add-ons to see if that stops the redirect on new tabs. Click on Start, click on All Programs, Accessories, System Tools, Internet Explorer (No Add-ons).

Please download Junkware Removal Tool to your desktop.


Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=================================================================

Then follow this to run Combofix.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## kbmccarthy (Sep 12, 2010)

Before I get started, at the beginning you wrote to shut down antivirus. What antivirus do I shut down and how to do it?


----------



## Mark1956 (May 7, 2011)

You have Microsoft Security Essentials, this is how to disable it.

Click on the icon in the Taskbar, then click on *Open* which should appear. If it isn't visible in the Taskbar, click on Start, All Programs and then click on it in the list to open it.
Click on the *Settings* tab and select *Real-time protection* in the list on the left.
Click on the check box to clear it next to *Turn on real-time protection (recommended).*
Click on *Save Changes* and close the window.
Disconnect from the Internet while you have the program disabled and make sure you re-enable it before you connect back to the internet.


----------



## Mark1956 (May 7, 2011)

I guess you have been held up which is not a problem, but I needed to post this before I forget about it.

As you are seeing an error relating to Microsoft Security Essentials it would be wise to reinstall it, please download a fresh copy from here Microsoft Security Essentials and save it to your desktop. Disconnect from the internet and uninstall the existing version through Programs and Features, then double click on the new copy on your desktop and let it install. Run the program and let it update then run a Full scan with it and report back with an accurate account of anything it finds and remove them.

You may be pleased to hear that I have been doing some research on this specific problem and just recently some more information on it has become available in our private forum for Malware Removal Staff, so I have a much better idea of the direction we should be going in.

I would ask that from this point forward you do not make any changes to the system unless specifically asked to do so as this will make the future logs produced confusing. I can see you have two optimizer programs installed, *Auslogics BoostSpeed* and *Auslogics Registry Cleaner,* they don't relate to the main problem but I would strongly recommend you remove them as these kinds of programs can do more harm than good.

Once you have run JRT and Combofix please post the logs from them. Then please go to Programs and Features in the Control Panel and uninstall any of these programs that remain, I know you have tried to uninstall some before but we need to try again and for you to tell me of any that don't appear or will not uninstall so I have a full up to date list to work from. Make a written list of the items not found and items that were found but would not uninstall.

*StartNow Toolbar
Search Assistant WebSearch 1.74
Search-NewTab
Mplayer 0.6.9
McAfee Security Scan Plus
iLivid
Ask Toolbar
Auslogics BoostSpeed
Auslogics Registry Cleaner
Free Download Manager*

Please then try to find and uninstall any of the items on your list with CCleaner. Open CCleaner and click on the Tools button, a list of installed programs will appear. Look for and try to uninstall all of the items on your list by clicking on the item and then clicking on the Uninstall button. DO NOT do anything else with CCleaner unless I instruct you to.

I would also ask that you refrain from using the PC for anything other than the work we are doing here and don't use it on the internet for any other purpose. There have been a few mistakes made posting logs and following instructions so please try to concentrate a little more on the instructions I am giving so we can get through this as fast as possible.

In your next post I need to see:
*Combofix log
JRT log
A detailed list of anything found and removed by Microsoft Security Essentials.
List of programs from the above that you cannot find and those you found but cannot uninstall.
Run ADWCleaner again and post the new log produced.*


----------



## kbmccarthy (Sep 12, 2010)

Sorry about the delay. When I click on the Microsoft Security Essentials the same pop up error comes up that pops up when I restart. I have printed off the other instructions. Back in a bit.


----------



## Mark1956 (May 7, 2011)

I'm not sure where you have got to, have you already re-installed MSE?


----------



## kbmccarthy (Sep 12, 2010)

Uninstalled and re-installed MSE. Disabled real-time.
Here is the log for defogger.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:41 on 15/03/2013 (Kimmy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...

-=E.O.F=-

Here is the log for ComboFix

ComboFix 13-03-14.02 - Kimmy 03/15/2013 7:57.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2391 [GMT -5:00]
Running from: c:\users\Kimmy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\users\ERBM\Documents\~WRL3795.tmp
c:\users\ERBM\Documents\~WRL3973.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-15 13:14 . 2013-03-15 13:14 -------- d-----w- c:\users\Kimmy\AppData\Local\temp
2013-03-15 11:06 . 2013-03-15 11:06 -------- d-----w- c:\windows\ERUNT
2013-03-15 11:06 . 2013-03-15 11:06 -------- d-----w- C:\JRT
2013-03-15 00:54 . 2013-02-07 21:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72C3FC3E-E986-41E7-A167-C2BF34745AAE}\mpengine.dll
2013-03-15 00:50 . 2013-03-15 00:50 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2855C88C-8665-4B1A-AA65-4B28F8ED4446}\gapaengine.dll
2013-03-15 00:50 . 2013-02-07 21:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-15 00:46 . 2013-03-15 00:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-15 00:46 . 2013-03-15 00:46 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-10 19:54 . 2013-03-10 19:54 -------- d-----w- c:\users\Kimmy\AppData\Local\AVG Secure Search
2013-03-10 18:20 . 2013-03-10 18:20 -------- d-----w- C:\_OTL
2013-03-09 16:27 . 2013-03-09 16:27 -------- d-----w- C:\_OTM
2013-03-07 22:38 . 2013-03-07 23:25 -------- d-----w- c:\program files (x86)\techguy030713
2013-03-07 01:44 . 2013-03-07 01:44 -------- d-----w- c:\program files (x86)\techguy030613
2013-03-07 01:44 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-02 22:18 . 2013-03-02 22:18 -------- d-----w- c:\users\ERBM\AppData\Local\AVG Secure Search
2013-03-01 00:39 . 2013-03-01 00:39 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-03-01 00:38 . 2013-03-01 00:38 -------- d--h--w- c:\programdata\Common Files
2013-02-24 04:01 . 2013-03-10 19:50 4655 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-21 01:11 . 2013-02-21 01:16 -------- d-----w- C:\Foldit
2013-02-19 10:22 . 2013-02-19 10:22 -------- d-----w- c:\users\Kimmy\AppData\Local\ElevatedDiagnostics
2013-02-19 09:29 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-19 09:29 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-18 23:02 . 2013-01-04 11:31 1417576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-18 23:02 . 2013-01-04 02:23 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-02-18 23:02 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-02-18 23:00 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-02-18 23:00 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-02-18 23:00 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-18 22:47 . 2013-02-18 22:47 -------- d-----w- c:\windows\Temp7427D97C-A3B6-B84C-77D7-8B852B5F4EB4-Signatures
2013-02-14 05:16 . 2013-02-14 05:16 -------- d-----w- c:\users\Kimmy\AppData\Roaming\SUPERAntiSpyware.com
2013-02-14 05:16 . 2013-02-18 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-14 05:16 . 2013-02-14 05:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-14 04:16 . 2013-02-14 04:16 -------- d-----w- c:\users\Kimmy\AppData\Roaming\Malwarebytes
2013-02-14 04:15 . 2013-02-14 04:15 -------- d-----w- c:\programdata\Malwarebytes
2013-02-14 04:15 . 2013-02-14 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 08:11 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe
2013-03-13 12:13 . 2012-07-27 14:47 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 12:13 . 2011-05-16 18:08 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-02-16 00:00 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-29 15:35 . 2013-01-29 15:35 49872 ----a-w- c:\windows\system32\drivers\paqqwtro.sys
2013-01-22 19:53 . 2013-01-22 19:53 335288 ----a-w- c:\windows\system32\drivers\acedrv11.sys
2013-01-20 20:59 . 2013-01-20 20:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2013-01-20 20:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-12-16 13:31 . 2012-12-21 09:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 09:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 09:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 09:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-03-01 1151152]
.
c:\users\ERBM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2013-01-22 335288]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-03-02 89600]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 20:05 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 12:13]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 15:48]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 15:48]
.
2013-03-08 c:\windows\Tasks\HPCeeScheduleForERBM.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34]
.
2013-03-14 c:\windows\Tasks\HPCeeScheduleForKimmy.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-02-18 18:08; [email protected]; c:\users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-02-17 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-04-06 18:31; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{1be04434-6b9f-48c8-8675-94c640d5b293} - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
Completion time: 2013-03-15 08:20:28
ComboFix-quarantined-files.txt 2013-03-15 13:20
.
Pre-Run: 162,021,490,688 bytes free
Post-Run: 161,893,994,496 bytes free
.
- - End Of File - - E707B31676B81BE0BA5470A0BD2C0EAC

MSE error gone when I restarted. Re-enabled real time protection.

When I ran the MSE scan it took a long time. When I checked on it, it had finished and was on the pick user screen and no report. If there is a report I will need to know where to find it.

Will post list from Programs and Features shortly.


----------



## kbmccarthy (Sep 12, 2010)

Under Program and Features
Not Listed
StartNow Toolbar
Search Assistant WebSearch 1.74
Search -NewTab
McAfee Security Scan
Auslogics BoostSpeed
Auslogics Registry Cleaner
Free Download Manager

Uninstalled
Mplayer 0.6.9

iLivid was listed, but gave no response when I selected it.

Ask Toolbar gave the following:

The feature you are trying to use is on a network resource that is unavailable.
Click o.k. to try again (didn't change anything) or enter an alternative path to a folder containing the installation package
"Ask Toolbar.msi" in the box below
C:\\users\kimmy\AppData\Local\Temp\(DD798CD2-A9BD-4BOF-97DC-C2F989DF2305)\

I was unable to locate ccleaner. Will post the adwcleaner next.


----------



## Mark1956 (May 7, 2011)

Follow this to find the MSE log. Chances are it didn't find anything, or it would have waited for you to confirm removal of the detections. Please post the log just to be sure.

Don't forget the other scans with JRT and ADWCleaner.

*Microsoft Security Essentials*


Click on Start and type *eventvwr.msc* into the search box and hit *Enter.*
Event Viewer will open. Click on *Windows Logs* in the left pane and then double click on *System.*
In the right pane click on *Find* and type *microsoft antimalware* and click *Find Next.*
The first search result will be highlighted in the list of System events (it may highlight something completely different, but please continue). Keep clicking on *Find Next* until it reaches the scan you did. (Check the date and time corresponding to when the scan was done).
Click on *Cancel* to close the find box.
You should see the details of the scan results with a list of the detections found. 
Click on *Copy* in the right hand pane and select *Copy Details as Text.* Close all the windows.
Come back to this thread and *right* click on the message box, select *Paste* and the log will appear, then submit the post.


----------



## Mark1956 (May 7, 2011)

My last post was made before I saw post 52 so I can see you have not forgotten ADWCleaner 

Looks like we have a bit of work still to do, we will see what comes up in the JRT and ADWCleaner scans.


----------



## kbmccarthy (Sep 12, 2010)

MSE
There were several listings so I copied all of them.

Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The System log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.046Z" />
<EventRecordID>172481</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>System</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The DFS Replication log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.119Z" />
<EventRecordID>172482</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>DFS Replication</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The Internet Explorer log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.189Z" />
<EventRecordID>172483</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>Internet Explorer</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>
Log Name: System
Source:  Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The Key Management Service log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.261Z" />
<EventRecordID>172484</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>Key Management Service</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The Media Center log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.341Z" />
<EventRecordID>172485</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>Media Center</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords: 
User: COMPUTER\Kimmy
Computer: Computer
Description:
The Windows PowerShell log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>104</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-15T11:28:07.416Z" />
<EventRecordID>172486</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="3044" />
<Channel>System</Channel>
<Computer>Computer</Computer>
<Security UserID="S-1-5-21-2196127602-2517890934-2989324103-1002" />
</System>
<UserData>
<LogFileCleared xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>Kimmy</SubjectUserName>
<SubjectDomainName>COMPUTER</SubjectDomainName>
<Channel>Windows PowerShell</Channel>
<BackupPath>
</BackupPath>
</LogFileCleared>
</UserData>
</Event>


----------



## Mark1956 (May 7, 2011)

None of those are the log from MSE. Please follow the instructions again. When you click on Find and type in microsoft antimalware, you then click the Find Next button; as soon as a log appears in the list at the top of the window with the name microsoft antimalware, that is the log you need to post. It should show the date and time the scan was run; there will only be one with the correct date.

As soon as you get the time to run JRT and ADWCleaner please post the logs from them.
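
The check described in the post above (only a record whose source is Microsoft Antimalware and whose date matches the scan is the MSE log), as an added example that is not part of the original thread: a Python script that triages text pasted from Event Viewer's *Copy Details as Text*. Function names are hypothetical, the sample text is constructed, and the Antimalware record's event ID and wording are placeholders; the source name is assumed from the search string given in the thread.

```python
import re
from datetime import date, datetime

# Header fields Event Viewer writes for each record in "Copy Details as Text".
HEADER = re.compile(r"^(Log Name|Source|Date|Event ID|Level|User|Computer):\s*(.*)$")
# Assumption: US-style date header, as in the records pasted in this thread.
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"
CLEARED = re.compile(r"^The (.+) log file was cleared\.$")


def parse_records(text):
    """Split pasted Event Viewer text into one dict per event record."""
    records, current, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Log Name:"):      # every record starts with this header
            current = {"Description": ""}
            records.append(current)
            in_desc = False
        if current is None:
            continue                          # text before the first record
        m = HEADER.match(line)
        if m and not in_desc:
            current[m.group(1)] = m.group(2).strip()
        elif line == "Description:":
            in_desc = True
        elif line == "Event Xml:":
            in_desc = False                   # the XML repeats the header; skip it
        elif in_desc and line:
            sep = " " if current["Description"] else ""
            current["Description"] += sep + line
    return records


def triage(text, scan_day, source="Microsoft Antimalware"):
    """Return (scan_records, cleared) for the day the scan was run.

    scan_records: records from `source` dated on scan_day.
    cleared: (timestamp, channel) for each Event ID 104 log-clear record;
    a cleared log no longer holds entries written before that time.
    """
    scans, cleared = [], []
    for rec in parse_records(text):
        try:
            when = datetime.strptime(rec.get("Date", ""), DATE_FMT)
        except ValueError:
            continue                          # no parsable Date header
        rec["When"] = when
        if rec.get("Source", "").lower() == source.lower():
            if when.date() == scan_day:
                scans.append(rec)
        elif (rec.get("Source") == "Microsoft-Windows-Eventlog"
              and rec.get("Event ID") == "104"):
            m = CLEARED.match(rec["Description"])
            cleared.append((when, m.group(1) if m else rec["Description"]))
    return scans, cleared


# Constructed sample: two log-clear records in the shape posted in the thread,
# plus two placeholder Antimalware records on different days.
SAMPLE = r"""
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Task Category: Log clear
Level: Information
Keywords:
User: COMPUTER\Kimmy
Computer: Computer
Description:
The System log file was cleared.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>104</EventID>
<Channel>System</Channel>
</System>
</Event>
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 3/15/2013 6:28:07 AM
Event ID: 104
Description:
The DFS Replication log file was cleared.
Log Name: System
Source: Microsoft Antimalware
Date: 3/15/2013 9:05:12 AM
Event ID: 1001
Level: Information
Description:
Microsoft Antimalware scan has finished.
Scan Type: Antimalware
Log Name: System
Source: Microsoft Antimalware
Date: 3/10/2013 2:49:51 PM
Event ID: 1001
Description:
Microsoft Antimalware scan has finished.
"""

if __name__ == "__main__":
    scans, cleared = triage(SAMPLE, date(2013, 3, 15))
    for when, channel in cleared:
        print(f"log cleared: {channel} at {when}")
    for rec in scans:
        print(f"scan record: {rec['When']} ID {rec['Event ID']}: {rec['Description']}")
```
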


----------



## kbmccarthy (Sep 12, 2010)

Find: microsoft malware found nothing.

I think with the following JRT, ADWcleaner and CCleaner I am current.





JRT LOG



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.1 (03.12.2013:1)

OS: Windows (TM) Vista Home Premium x64

Ran by Kimmy on Fri 03/15/2013 at 12:46:35.95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









~~~ Services







~~~ Registry Values







~~~ Registry Keys







~~~ Files













ADWCLEANER LOG



# AdwCleaner v2.114 - Logfile created 03/15/2013 at 09:46:37

# Updated 05/03/2013 by Xplode

# Operating system : Windows (TM) Vista Home Premium ServicePack 2 (64 bits)

# User : Kimmy - COMPUTER

# Boot Mode : Normal

# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe

# Option [Delete]





***** [Services] *****





***** [Files / Folders] *****



Deleted on reboot : C:\ProgramData\ClickIT

Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG SecureSearch

Deleted on reboot :C:\Users\ERBM\AppData\LocalLow\AskToolbar

Deleted on reboot :C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\staged

Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG SecureSearch



***** [Registry] *****



Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\AppManagement\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted :HKCU\Software\Microsoft\Windows\CurrentVersion\AppManagement\ARPCache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}



***** [Internet Browsers] *****



-\\ Internet Explorer v9.0.8112.16470



[OK] Registry is clean.



-\\ Mozilla Firefox v19.0.2 (en-US)



File :C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js



[OK] File is clean.



File :C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js



[OK] File is clean.



-\\ Google Chrome v25.0.1364.172



File : C:\Users\ERBM\AppData\Local\Google\Chrome\UserData\Default\Preferences



[OK] File is clean.



File : C:\Users\Kimmy\AppData\Local\Google\Chrome\UserData\Default\Preferences



Deleted [l.1] : urls_to_restore_on_startup={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]



*************************



AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]

AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]

AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]

AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]

AdwCleaner[S5].txt - [2013 octets] - [15/03/2013 09:46:37]



########## EOF - C:\AdwCleaner[S5].txt - [2073 octets]##########





CCLeaner



iLivid

The feature you are trying to use is on a network resource that is unavailable.

Click OK to try again, or enter an alternate path to a folder containing the installation package

iLividSetupV1.msi in the box below.





C:\Users\Kimmy\AppData\Local\Temp\miaEBB5.tmp\data\

C:\Users\Kimmy\AppData\Local\Temp\mia88CE.tmp\data\

C:\Users\Kimmy\AppData\Local\Temp\mia1





AskToolbar

The feature you are trying to use is on a network resource that is unavailable.

Click OK to try again, or enter an alternate path to a folder containing the installation package

Ask Toolbar.msi in the box below.





C:\Users\Kimmy\AppData\Local\Temp\{DD798CD2-A9BD-4B0F-97DC-C2F989DF2305}\


----------



## Mark1956 (May 7, 2011)

Something went adrift with the formatting on your last post. Not sure why that would suddenly happen.

The ADWCleaner log is looking better, but we still have a few things to search for and delete which I will get to later today.

Meanwhile, "Find: microsoft malware found nothing": the search criteria is microsoft antimalware. Have another look.


----------



## kbmccarthy (Sep 12, 2010)

I ran the search for Microsoft Antimaleware search and this is the screen I got.

Searching from the selected event to the end of the list, there is no event that contains the specified string. To search all events, select the first event in the list and run the search again. (I was at the beginning of the list).


----------



## Mark1956 (May 7, 2011)

Ok, I think you are probably unable to find the log as MSE may not have detected anything so it didn't create one.

Just for one more check to see if anything else is coming back please reboot the system and run ADWCleaner again and post the log. See if you can get the format to come out as with previous logs you have posted, just makes them much easier to read.


----------



## kbmccarthy (Sep 12, 2010)

I have been using Internet Explorer instead of Firefox, so I am unsure if the hijacker is still working. If you want me to test Firefox let me know.
Here is the adwcleaner log

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 16:23:16
# Updated 05/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\staged
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js
[OK] File is clean.
File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]
*************************
AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]
AdwCleaner[S5].txt - [2142 octets] - [15/03/2013 09:46:37]
AdwCleaner[S6].txt - [2073 octets] - [16/03/2013 16:23:16]
########## EOF - C:\AdwCleaner[S6].txt - [2133 octets] ##########


----------



## Mark1956 (May 7, 2011)

I'm just placing this list of programs here for my own reference. They all need to be searched for and removed manually, but we will deal with that next.

StartNow Toolbar
Search Assistant WebSearch 1.74
Search-NewTab
McAfee Security Scan Plus
iLivid
Ask Toolbar
Auslogics BoostSpeed
Auslogics Registry Cleaner
Free Download Manager

First step is to rename the Google Preferences folder:

Open Windows Explorer, click on the C: drive in the left pane, then double click on each of these files in turn and look down the list to find the next one:

*C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default*

Then look down the contents of the *Default* folder to find *Preferences*, right click on it and select *Rename*, add *.old* to the name and close the window. When you launch Google the folder will be replaced and you will have to reset any of your preferences for start page, etc.

Before the next stage please tell me if the user ERBM still uses the PC, several of the detections above only exist in that account. If they no longer use the PC, navigate to C:\Users and delete the folder ERBM.

Then run ADWCleaner again and post the new log, also please tell me if the redirect is still happening in FF.


----------



## kbmccarthy (Sep 12, 2010)

I do not have a folder stream that flows in the order you gave me. Ex: there is no AppData under Kimmy. . there is no Kimmy under AppData. Since it wasn't exactly what you typed, I decided to let you know and wait.

Yes ERBM still uses the PC.


----------



## Mark1956 (May 7, 2011)

There won't be a Kimmy folder under Appdata, but there is an Appdata folder under Kimmy, ADWCleaner shows the location so it is definitely there, it is impossible for it to show a file location that does not exist.

Open Windows Explorer, single click on the C: drive in the left pane, scroll down the right hand pane and double click on the *Users* folder, then double click on *Kimmy*, *Appdata* should show near the top of the list, send me a screenshot so I can see what you are looking at.

You need to get into ERBM account and disable/uninstall *staged* from the Firefox Extensions. With Firefox open click on Tools, Add-ons and look under the Extensions tab.


----------



## kbmccarthy (Sep 12, 2010)

How do I send you a screen shot?


----------



## Mark1956 (May 7, 2011)

How to take a screen shot in Vista/Windows 7

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and double-click on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the bottom of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## kbmccarthy (Sep 12, 2010)

Working on ERBM
Here is the screen shot


----------



## Mark1956 (May 7, 2011)

I shall have to run my Vista PC to see how to get to the Appdata folder, it is in there but Vista does have an odd folder layout compared to Windows 7. I'll get back here in the morning.


----------



## kbmccarthy (Sep 12, 2010)

Switched user to ERBM, opened firefox, tools, add-ons, ext, nothing. I looked under the other tabs also and ran a search. There was nothing referring to Staged.


----------



## Mark1956 (May 7, 2011)

The Staged extension was removed by ADWCleaner so maybe this time it hasn't come back.

Now for getting access to the *AppData* folder, it baffled me a bit as it is not a hidden folder in Windows 7 but in Vista it appears it is. When you open *Windows Explorer* to navigate to it you must first click on *Organize*, select *Folder and Search Options*, then click on the *View* tab. In the list of *Advanced settings* you will see *Hidden Files and Folders*, click on the circle next to *Show hidden files and folders* so it turns blue. Then click on *Apply* and *OK*, you should then be able to see the *AppData* folder and continue the search through the folders to find *Preferences* so you can rename it and complete the instructions I gave in post 62.

Let me know how it goes.


----------



## kbmccarthy (Sep 12, 2010)

The hijacker appears to be gone. I am not sure if this is related, but loading tabs have become really slow. Here is the adwcleaner log.

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 02:22:08
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\ClickIT
Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Kimmy\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1363561315);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 32);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1363561315");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "46");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Mon Mar [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 34);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 5);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 43);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 46);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13d7a967c67cce81094bc3c7c7cd4dbc");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1363561315);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22726022);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22726026);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]
AdwCleaner[S5].txt - [2142 octets] - [15/03/2013 09:46:37]
AdwCleaner[S6].txt - [2202 octets] - [16/03/2013 16:23:16]
AdwCleaner[S7].txt - [11251 octets] - [20/03/2013 02:22:08]

########## EOF - C:\AdwCleaner[S7].txt - [11312 octets] ##########


----------



## Mark1956 (May 7, 2011)

Glad to hear the hijack has gone. We are gradually breaking this down; the detections are getting fewer, but a new one appeared, 'PackageAware' under your user name and 'Crossrider' under the user ERBM. Please ask this user not to make any changes to the system until we are finished.

We need to run a search for all the items that we are dealing with, please follow this.

Please download *SystemLook* for your operating system from one of the links below and save it to your Desktop.


*SystemLook (32-bit)*
*SystemLook (64-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:filefind
*StartNow*
*Websearch*
*Search-NewTab*
*iLivid*
*Auslogics*
*Free Download Manager*
*ClickIT*
*AVG Secure Search*
*AskToolbar*
*PackageAware*
*Crossrider*
:folderfind
*StartNow*
*Websearch*
*Search-NewTab*
*iLivid*
*Auslogics*
*Free Download Manager*
*ClickIT*
*AVG Secure Search*
*AskToolbar*
*PackageAware*
*Crossrider*
:Reg
StartNow
Websearch
Search-NewTab
iLivid
Auslogics
Free Download Manager
ClickIT
AVG Secure Search
AskToolbar
PackageAware
Crossrider
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## kbmccarthy (Sep 12, 2010)

I am not sure what happened, but every action seems to be taking forever to respond.
The random untitled notebook is back.
Here is the SystemLook Log


----------



## Mark1956 (May 7, 2011)

You have not included the log.


----------



## kbmccarthy (Sep 12, 2010)

SystemLook 04.09.10 by jpshortstuff
Log created at 00:17 on 21/03/2013 by Kimmy
Administrator - Elevation successful

========== filefind ==========

Searching for "*StartNow*"
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\searchplugins\startnow.xml --a---- 2324 bytes [22:34 17/02/2013] [22:34 17/02/2013] 6F80FFCCFDA33A01B1B6D00469A118C4

Searching for "*Websearch*"
C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [20:34 16/03/2010] [11:30 26/07/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Apartment Life\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [20:34 16/03/2010] [11:30 26/07/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\websearch.gif --a---- 1137 bytes [06:42 29/12/2009] [12:23 04/08/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Bon Voyage\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [06:42 29/12/2009] [12:23 04/08/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [17:29 24/12/2009] [05:55 08/07/2009] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [17:29 24/12/2009] [05:55 08/07/2009] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\websearch.gif --a---- 1137 bytes [16:32 23/07/2011] [21:49 16/03/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Family Fun Stuff\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [16:32 23/07/2011] [21:49 16/03/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\websearch.gif --a---- 1137 bytes [19:47 28/03/2010] [00:23 15/05/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 H&M® Fashion Stuff\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [19:47 28/03/2010] [00:23 15/05/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [16:38 23/07/2011] [00:34 12/03/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [16:38 23/07/2011] [00:34 12/03/2008] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\websearch.gif --a---- 1137 bytes [00:20 16/02/2011] [22:42 06/02/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Open For Business\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [00:20 16/02/2011] [22:42 06/02/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\WebHelp_Skin_Files\XP_Green\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Pets\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [06:10 29/12/2009] [05:09 09/09/2006] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\websearch.gif --a---- 1137 bytes [01:14 09/11/2011] [05:16 26/01/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\Support\EA Help\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [01:14 09/11/2011] [05:16 26/01/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\en-us\websearch.gif --a---- 1137 bytes [20:22 28/12/2009] [11:20 02/10/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 Teen Style Stuff\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif --a---- 1137 bytes [20:22 28/12/2009] [11:20 02/10/2007] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Program Files (x86)\EA GAMES\The Sims 2 University\Support\EA Help\websearch.gif --a---- 1137 bytes [06:25 29/12/2009] [00:35 01/11/2005] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU\1090665-hijacked-websearch-good-results-start-5[1].htm --a---- 92800 bytes [16:56 17/03/2013] [16:57 17/03/2013] EF328584C4B229F8ED7C8FAED3D9A115
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU\1090665-hijacked-websearch-good-results-start-5[2].htm --a---- 109380 bytes [20:34 17/03/2013] [22:22 17/03/2013] 135AE075D365B5C04B9E4F84F3B3B24D
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4GAHBQQ\1090665-hijacked-websearch-good-results-start-2[1].htm --a---- 172104 bytes [07:10 20/03/2013] [07:10 20/03/2013] 6C9CAE5A0CB980A99F9BEE4FC15E11B2
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4GAHBQQ\1090665-hijacked-websearch-good-results-start[1].htm --a---- 267831 bytes [07:12 20/03/2013] [07:12 20/03/2013] 97ABE17DFB976034E8D277EAE5112A52
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDU10PTT\1090665-hijacked-websearch-good-results-start-5[1].htm --a---- 126029 bytes [23:58 17/03/2013] [23:58 17/03/2013] A339D85E6CEAE791C7CF3EE20BEA00EB
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VMT9NY7J\1090665-hijacked-websearch-good-results-start-3[1].htm --a---- 545535 bytes [11:02 15/03/2013] [11:02 15/03/2013] 02E1047FEF36BA5A19AF474CA1148DF1
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VMT9NY7J\1090665-hijacked-websearch-good-results-start-5[1].htm --a---- 98071 bytes [20:11 17/03/2013] [20:11 17/03/2013] 1C9F2896C6228CD785A391486B8B5EB6

Searching for "*Search-NewTab*"
C:\_OTM\MovedFiles\03092013_102757\C_ProgramData\Search-NewTab\data\Search-NewTab.dat --a---- 10760 bytes [16:37 14/02/2013] [16:38 14/02/2013] DEBF77C68ADD835547932EBB85AE5B1B

Searching for "*iLivid*"
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.dat --a--c- 257 bytes [14:28 01/10/2011] [14:31 01/10/2011] 8FF41AE3771D0741464B3CA49EAD1BE7
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.exe --a--c- 3025029 bytes [14:28 01/10/2011] [09:03 25/09/2011] BACF0CEC8F15984AA0C7826526C8399B
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.lnk --a--c- 0 bytes [14:28 01/10/2011] [14:31 01/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.msi --a--c- 265728 bytes [14:28 01/10/2011] [09:03 25/09/2011] 0D7B78C6DAB854B421FE0C65D687C0CB
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.par --a--c- 3106 bytes [14:28 01/10/2011] [14:31 01/10/2011] AF9ACBD227090FC98576D63E129ADA0D
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.res --a--c- 2566167 bytes [14:28 01/10/2011] [09:03 25/09/2011] EF9A130DC8CB0381C63A2659F4404DD1
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.dat --a--c- 257 bytes [14:28 01/10/2011] [14:31 01/10/2011] 8FF41AE3771D0741464B3CA49EAD1BE7
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.exe --a--c- 3025029 bytes [14:28 01/10/2011] [09:03 25/09/2011] BACF0CEC8F15984AA0C7826526C8399B
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.lnk --a--c- 0 bytes [14:28 01/10/2011] [14:31 01/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.msi --a--c- 265728 bytes [14:28 01/10/2011] [09:03 25/09/2011] 0D7B78C6DAB854B421FE0C65D687C0CB
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.par --a--c- 3106 bytes [14:28 01/10/2011] [14:31 01/10/2011] AF9ACBD227090FC98576D63E129ADA0D
C:\Users\All Users\{2E51849B-6C53-4B47-9E70-462912833018}\iLividSetupV1.res --a--c- 2566167 bytes [14:28 01/10/2011] [09:03 25/09/2011] EF9A130DC8CB0381C63A2659F4404DD1
C:\Users\Kimmy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 864 bytes [18:14 27/12/2012] [18:14 27/12/2012] E1EA1CBCFD5001D8EE090F65CEF9809E
C:\Users\Kimmy\Downloads\iLividSetup.exe --a---- 1304096 bytes [18:10 27/12/2012] [18:11 27/12/2012] EBE2CD07950E09F499D4A193B8F37321
C:\Users\Kimmy\Downloads\iLividSetupV1(1).exe --a---- 2118936 bytes [14:28 01/10/2011] [14:28 01/10/2011] ED0A2B981FA40DD884C11A500B992C35
C:\Users\Kimmy\Downloads\iLividSetupV1(2).exe --a---- 2118936 bytes [14:29 01/10/2011] [14:29 01/10/2011] ED0A2B981FA40DD884C11A500B992C35
C:\Users\Kimmy\Downloads\iLividSetupV1(3).exe --a---- 2118936 bytes [14:30 01/10/2011] [14:30 01/10/2011] ED0A2B981FA40DD884C11A500B992C35
C:\Users\Kimmy\Downloads\iLividSetupV1.exe --a---- 2118936 bytes [14:26 01/10/2011] [14:26 01/10/2011] ED0A2B981FA40DD884C11A500B992C35

Searching for "*Auslogics*"
No files found.

Searching for "*Free Download Manager*"
No files found.

Searching for "*ClickIT*"
No files found.

Searching for "*AVG Secure Search*"
No files found.

Searching for "*AskToolbar*"
No files found.

Searching for "*PackageAware*"
No files found.

Searching for "*Crossrider*"
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\[email protected]\chrome\content\crossrider.js --a---- 28281 bytes [19:42 06/03/2013] [00:56 14/02/2013] ED20BBA6B9DAFDE18F3CF2F25A354C30
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\[email protected]\chrome\content\crossriderapi.js --a---- 13959 bytes [19:42 06/03/2013] [00:56 14/02/2013] B34F2ECFFD435CC9856B9DD81C9C59AA
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\[email protected]\chrome\content\CrossriderEXT.js --a---- 27 bytes [19:42 06/03/2013] [00:56 14/02/2013] 1991AA2FD78D168266CAE511C1304275
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\[email protected]\skin\crossrider_statusbar.png --a---- 1361 bytes [19:42 06/03/2013] [00:56 14/02/2013] 8B1EB9CB80417EC0022D278A44AB1DC7

========== folderfind ==========

Searching for "*StartNow*"
C:\Users\ERBM\AppData\Local\StartNow d------ [22:26 19/09/2012]

Searching for "*Websearch*"
No folders found.

Searching for "*Search-NewTab*"
C:\_OTM\MovedFiles\03092013_102757\C_ProgramData\Search-NewTab d------ [15:37 29/01/2013]

Searching for "*iLivid*"
No folders found.

Searching for "*Auslogics*"
C:\Program Files (x86)\Auslogics d------ [22:07 27/11/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics d------ [22:07 27/11/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Auslogics d------ [22:07 27/11/2012]
C:\Users\Kimmy\AppData\Roaming\Auslogics d------ [22:09 27/11/2012]
C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue\Auslogics Registry Cleaner d------ [22:09 27/11/2012]

Searching for "*Free Download Manager*"
C:\Users\Kimmy\AppData\Roaming\Free Download Manager d------ [03:23 04/12/2012]

Searching for "*ClickIT*"
C:\ProgramData\ClickIT d------ [15:37 29/01/2013]
C:\Users\All Users\ClickIT d------ [15:37 29/01/2013]

Searching for "*AVG Secure Search*"
C:\Users\ERBM\AppData\Local\AVG Secure Search d------ [22:18 02/03/2013]
C:\Users\Kimmy\AppData\Local\AVG Secure Search d------ [07:25 20/03/2013]
C:\_OTL\MovedFiles\03102013_132030\c_Program Files (x86)\Common Files\AVG Secure Search d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\C_Users\Kimmy\AppData\Local\AVG Secure Search d------ [07:12 02/03/2013]

Searching for "*AskToolbar*"
C:\Users\ERBM\AppData\LocalLow\AskToolbar d------ [15:03 22/09/2012]

Searching for "*PackageAware*"
No folders found.

Searching for "*Crossrider*"
No folders found.

========== Reg ==========

[StartNow]
Hive unrecognized.

[Websearch]
Hive unrecognized.

[Search-NewTab]
Hive unrecognized.

[iLivid]
Hive unrecognized.

[Auslogics]
Hive unrecognized.

[Free Download Manager]
Hive unrecognized.

[ClickIT]
Hive unrecognized.

[AVG Secure Search]
Hive unrecognized.

[AskToolbar]
Hive unrecognized.

[PackageAware]
Hive unrecognized.

[Crossrider]
Hive unrecognized.

Invalid Context: Commands

No Context: [createrestorepoint]

No Context: [emptyflash]

No Context: [emptytemp]

No Context: [resethosts]

No Context: [reboot]

-= EOF =-


----------



## Mark1956 (May 7, 2011)

Ok, there is a bunch of stuff to remove. When you have done the following, reboot the system, run ADWCleaner again and post the new log.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\sea rchplugins\startnow.xml
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4GAHBQQ
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDU10PTT
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VMT9NY7J
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}
C:\Users\Kimmy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
C:\Users\Kimmy\Downloads\iLividSetup.exe 
C:\Users\Kimmy\Downloads\iLividSetupV1(1).exe
C:\Users\Kimmy\Downloads\iLividSetupV1(2).exe
C:\Users\Kimmy\Downloads\iLividSetupV1(3).exe
C:\Users\Kimmy\Downloads\iLividSetupV1.exe
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\crossrider.js
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\crossriderapi.js
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\CrossriderEXT.js
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\skin\crossrider_statusbar.png
C:\Users\ERBM\AppData\Local\StartNow
C:\Program Files (x86)\Auslogics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Auslogics
C:\Users\Kimmy\AppData\Roaming\Auslogics
C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue\Auslogics Registry Cleaner
C:\Users\Kimmy\AppData\Roaming\Free Download Manager
C:\ProgramData\ClickIT
C:\Users\All Users\ClickIT
C:\Users\ERBM\AppData\Local\AVG Secure Search
C:\Users\Kimmy\AppData\Local\AVG Secure Search
C:\Users\ERBM\AppData\LocalLow\AskToolbar

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.
Note: The logs are saved here: C:\_OTM\MovedFiles


Please also run this after the reboot:

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.


----------
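Added example, not part of either poster's messages: the OTM script above contains `sea rchplugins` and `ext ensions` where the SystemLook log has `searchplugins` and `extensions`, so this sketch cross-checks a removal script's `:Files` entries against the paths a SystemLook log actually reported before the script is run. The function names and the `ExampleNotInLog` entry are hypothetical; the other sample lines are excerpted from the logs on this page.

```python
import re

# Sample input: lines excerpted from the SystemLook log on this page.
SYSTEMLOOK_LOG = r"""
========== filefind ==========
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\searchplugins\startnow.xml --a---- 2324 bytes [22:34 17/02/2013] [22:34 17/02/2013] 6F80FFCCFDA33A01B1B6D00469A118C4
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU\1090665-hijacked-websearch-good-results-start-5[1].htm --a---- 92800 bytes [16:56 17/03/2013] [16:57 17/03/2013] EF328584C4B229F8ED7C8FAED3D9A115
C:\Users\Kimmy\Downloads\iLividSetup.exe --a---- 1304096 bytes [18:10 27/12/2012] [18:11 27/12/2012] EBE2CD07950E09F499D4A193B8F37321
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\extensions\[email protected]\chrome\content\crossrider.js --a---- 28281 bytes [19:42 06/03/2013] [00:56 14/02/2013] ED20BBA6B9DAFDE18F3CF2F25A354C30
========== folderfind ==========
C:\Users\ERBM\AppData\Local\StartNow d------ [22:26 19/09/2012]
"""

# Sample input: entries from the OTM script on this page, plus one constructed
# entry (ExampleNotInLog) that the log never reported.
OTM_SCRIPT = r"""
:Processes
explorer.exe
:Files
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\sea rchplugins\startnow.xml
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU
C:\Users\Kimmy\Downloads\iLividSetup.exe
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\crossrider.js
C:\Users\ERBM\AppData\Local\StartNow
C:\ProgramData\ExampleNotInLog
:Commands
[reboot]
"""

# A result line is "<path> <7-char attribute field> [<N> bytes] [timestamp...".
FOUND_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?:\d+ bytes\s+)?\[")


def parse_systemlook(log):
    """Return every file and folder path reported in a SystemLook log."""
    paths = []
    for line in log.splitlines():
        match = FOUND_LINE.match(line.strip())
        if match:
            paths.append(match.group("path"))
    return paths


def parse_otm_files(script):
    """Return the entries listed under the :Files section of an OTM script."""
    entries, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            entries.append(line)
    return entries


def squeeze(path):
    """Drop all whitespace and case so only stray spaces can differ."""
    return re.sub(r"\s+", "", path).lower()


def check_script(script, log):
    """Classify each :Files entry as exact, parent, whitespace or unlisted."""
    found = parse_systemlook(log)
    exact = {p.lower() for p in found}
    squeezed = {squeeze(p): p for p in found}
    report = []
    for entry in parse_otm_files(script):
        key = entry.lower().rstrip("\\")
        if key in exact:
            report.append((entry, "exact", None))
        elif any(p.startswith(key + "\\") for p in exact):
            # Entry is a folder that contains a reported file.
            report.append((entry, "parent", None))
        elif squeeze(entry) in squeezed:
            # Same path apart from whitespace: report the path as logged.
            report.append((entry, "whitespace", squeezed[squeeze(entry)]))
        else:
            report.append((entry, "unlisted", None))
    return report


if __name__ == "__main__":
    for entry, status, suggestion in check_script(OTM_SCRIPT, SYSTEMLOOK_LOG):
        print(f"{status:10} {entry}")
        if suggestion:
            print(f"{'':10} log has: {suggestion}")
```

An entry flagged `whitespace` differs from a logged path only by spaces, and `unlisted` means the log gives no evidence the target exists; both are worth reviewing before a move or delete tool is run against them.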



## kbmccarthy (Sep 12, 2010)

Was there a log for TFC?

OTM Log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\sea rchplugins\startnow.xml not found.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU folder moved successfully.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4GAHBQQ folder moved successfully.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDU10PTT folder moved successfully.
C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VMT9NY7J folder moved successfully.
C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018} folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk moved successfully.
C:\Users\Kimmy\Downloads\iLividSetup.exe moved successfully.
C:\Users\Kimmy\Downloads\iLividSetupV1(1).exe moved successfully.
C:\Users\Kimmy\Downloads\iLividSetupV1(2).exe moved successfully.
C:\Users\Kimmy\Downloads\iLividSetupV1(3).exe moved successfully.
C:\Users\Kimmy\Downloads\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\crossrider.js not found.
File/Folder C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\crossriderapi.js not found.
File/Folder C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\chrome\content\CrossriderEXT.js not found.
File/Folder C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\ext ensions\[email protected]\skin\crossrider_statusbar.png not found.
C:\Users\ERBM\AppData\Local\StartNow folder moved successfully.
C:\Program Files (x86)\Auslogics folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics folder moved successfully.
File/Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Auslogics not found.
C:\Users\Kimmy\AppData\Roaming\Auslogics\Track Eraser folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue\Boost Speed folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue\Auslogics Registry Cleaner folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\BoostSpeed\User Reports folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\BoostSpeed\Logs folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics\BoostSpeed folder moved successfully.
C:\Users\Kimmy\AppData\Roaming\Auslogics folder moved successfully.
File/Folder C:\Users\Kimmy\AppData\Roaming\Auslogics\Rescue\Auslogics Registry Cleaner not found.
C:\Users\Kimmy\AppData\Roaming\Free Download Manager folder moved successfully.
C:\ProgramData\ClickIT\Setup folder moved successfully.
C:\ProgramData\ClickIT folder moved successfully.
File/Folder C:\Users\All Users\ClickIT not found.
C:\Users\ERBM\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\ERBM\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\ERBM\AppData\Local\AVG Secure Search folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search folder moved successfully.
C:\Users\ERBM\AppData\LocalLow\AskToolbar folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: cantstandyou

User: Default

User: Default User

User: ERBM
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kimmy
->Flash cache emptied: 9306 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: cantstandyou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ERBM
->Temp folder emptied: 405956 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4484350 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimmy
->Temp folder emptied: 99222674 bytes
->Temporary Internet Files folder emptied: 103607665 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 360078696 bytes
->Google Chrome cache emptied: 18660635 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 588563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 24620 bytes

Total Files Cleaned = 560.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 03232013_073225

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

AdwCleaner Log

# AdwCleaner v2.115 - Logfile created 03/23/2013 at 18:43:38
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1364063181);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 33);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1364063181");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1364063181");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Sat Mar 23 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22/**/%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Sat Mar 23 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sat Mar 30 201[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1364063196");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221363714966%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221363714966%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1364063204650");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22161630%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1364063192800");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "47");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sat Mar [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 35);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 5);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.name", "omniCommands");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,100[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 44);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 47);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13d7a967c67cce81094bc3c7c7cd4dbc");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1364063180);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22734386);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22734388);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]
AdwCleaner[S5].txt - [2142 octets] - [15/03/2013 09:46:37]
AdwCleaner[S6].txt - [2202 octets] - [16/03/2013 16:23:16]
AdwCleaner[S7].txt - [11382 octets] - [20/03/2013 02:22:08]
AdwCleaner[S8].txt - [14478 octets] - [23/03/2013 18:43:38]

########## EOF - C:\AdwCleaner[S8].txt - [14539 octets] ##########


----------



## Mark1956 (May 7, 2011)

Things are looking good. How is it at your end?


----------



## kbmccarthy (Sep 12, 2010)

You seem to have slayed the dragon. Bravo. I am still curious about the untitled notepad that opens randomly and the slowed processing speed.


----------



## Mark1956 (May 7, 2011)

It does look like we are getting there. We appear to have killed a few of the adware items, but Crossrider and AVG Secure Search both came back in the last ADWCleaner scan, so we need to keep scanning until nothing shows as returning.

I'd like you to now run OTL again with a pre-made script, post the log when done and then run ADWCleaner again and post that log also.

Please right-click on the link below and select "Save target as..." or "Save Link as...", click on Desktop in the left pane and type in the filename as Fix.txt then click on Save.
Vista or Win 7, 64 bit: Vista or Win 7 64 bit

Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)

Click the *Run Fix* button at the top.
You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK.
When the Open dialog comes up, navigate to the Desktop, scroll to find the file named Fix.txt, click on it so it is highlighted, and then click on Open.
Some text will appear in the Custom scans/Fixes box.
Click the *Run Fix* button.
Let the program run unhindered, and click to allow the Reboot when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The file will also be available at
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


----------



## kbmccarthy (Sep 12, 2010)

Here is the OTL log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Kimmy\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Kimmy\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Kimmy\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Kimmy\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Kimmy\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Kimmy\Downloads\iLividSetupV1.exe not found.
File/Folder C:\Users\Kimmy\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Kimmy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Kimmy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kimmy\Desktop\cmd.bat deleted successfully.
C:\Users\Kimmy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: cantstandyou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ERBM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimmy
->Temp folder emptied: 1008894 bytes
->Temporary Internet Files folder emptied: 42527 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 311311126 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2966 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 32945 bytes

Total Files Cleaned = 298.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03252013_160308

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## kbmccarthy (Sep 12, 2010)

Here is the adwcleaner log
# AdwCleaner v2.115 - Logfile created 03/25/2013 at 16:12:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\ERBM\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Kimmy\AppData\Local\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]
AdwCleaner[S5].txt - [2142 octets] - [15/03/2013 09:46:37]
AdwCleaner[S6].txt - [2202 octets] - [16/03/2013 16:23:16]
AdwCleaner[S7].txt - [11382 octets] - [20/03/2013 02:22:08]
AdwCleaner[S8].txt - [14609 octets] - [23/03/2013 18:43:38]
AdwCleaner[S9].txt - [1657 octets] - [25/03/2013 16:12:17]

########## EOF - C:\AdwCleaner[S9].txt - [1717 octets] ##########


----------



## Mark1956 (May 7, 2011)

We have nearly got there now, just AVG Secure Search keeps coming back, so one more search and we should be able to kill it.

Please run SystemLook again and copy the contents of the code box into the main text field and run the search, post the results when done.

```
:filefind
*avg*
:folderfind
*avg*
:reg
avg
```


----------



## kbmccarthy (Sep 12, 2010)

SystemLook 04.09.10 by jpshortstuff
Log created at 09:23 on 26/03/2013 by Kimmy
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Foldit\cmp-database-04a4965636d3383b893c502e9fbf4b4f\rosetta_database\scoring\sasa_scores\avge_datafile_score12prime_v1.txt --a---- 13146 bytes [16:53 19/07/2008] [16:53 19/07/2008] 83F78F0583FE8122155CD58BDA2CDD86
C:\Program Files (x86)\AVG SafeGuard toolbar\AVG SafeGuard toolbar --a---- 19120 bytes [00:39 01/03/2013] [00:39 01/03/2013] C55762149AA91493642328FCD5F5E88A
C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll --a---- 1929392 bytes [00:39 01/03/2013] [00:39 01/03/2013] 229F0412FE86BE4B07674AB96D49ECD5
C:\Users\ERBM\AppData\Local\Google\Picasa2\db3\imagedata_avgcolor.pmp --a---- 392 bytes [19:12 27/06/2012] [19:17 27/06/2012] 0B16E0627E2C3A350AA901C29DBE7550
C:\Users\Kimmy\AppData\Local\Google\Picasa2\db3\imagedata_avgcolor.pmp --a---- 7924 bytes [14:51 29/07/2012] [14:54 29/07/2012] F26A38A62DA88F1B41276565381B615D
C:\_OTL\MovedFiles\03102013_132030\c_Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.2.0\avgdttbx.dll --a---- 568496 bytes [00:39 01/03/2013] [00:39 01/03/2013] 6AC0C03A56DEA8DB373754EA75D8773E
C:\_OTL\MovedFiles\03102013_132030\c_Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.2.0\AVGRewardsWorker.dll --a---- 562352 bytes [00:39 01/03/2013] [00:39 01/03/2013] 21510BA1BA2211ACCA82C18DF6845D0A
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1\avg.crx --a---- 237106 bytes [00:39 01/03/2013] [00:39 01/03/2013] 571457A7B56C1BA2BC25D5108F66C34C
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\chrome\avg.jar --a---- 97648 bytes [00:39 01/03/2013] [00:39 01/03/2013] AA8AF897031F8E47C02716AC8469CAA3
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\components\avg-dnt-policy.js --a---- 20618 bytes [00:39 01/03/2013] [00:39 01/03/2013] FA94F570056491E7C6DFFDE860691E17
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avg-dnt-adapter.js --a---- 4187 bytes [00:39 01/03/2013] [00:39 01/03/2013] 1F9E923FFFB7778B71AAE6D8F63496C9
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avg.xml --a---- 3664 bytes [00:39 01/03/2013] [00:39 01/03/2013] 083F9B4B221AD3A18F7DDC6814102E89
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avgJsm.js --a---- 2586 bytes [00:39 01/03/2013] [00:39 01/03/2013] 81DF2FFEA048B9D4C7D64E59A008F7E8
C:\_OTL\MovedFiles\03102013_132030\C_Windows\SysNative\drivers\avgtpx64.sys --a---- 39768 bytes [00:39 01/03/2013] [00:39 01/03/2013] 90CF04574CF47B19EE5B2FE41BA52B32
C:\_OTM\MovedFiles\03232013_073225\C_Users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKLKHDJU\compose2_R4Ha4KywMFOLxUcznIpAvg2[1].css --a---- 371 bytes [21:33 18/03/2013] [21:33 18/03/2013] 4781DAE0ACB030538BC547339C8A40BE

========== folderfind ==========

Searching for "*avg*"
C:\Program Files (x86)\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\Users\ERBM\AppData\Local\AVG Secure Search d------ [18:26 23/03/2013]
C:\Users\Kimmy\AppData\Local\AVG Secure Search d------ [21:15 25/03/2013]
C:\Users\Kimmy\AppData\LocalLow\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\c_Program Files (x86)\Common Files\AVG Secure Search d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\C_Users\Kimmy\AppData\Local\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\C_Users\Kimmy\AppData\Local\AVG Secure Search d------ [07:12 02/03/2013]
C:\_OTM\MovedFiles\03232013_073225\C_Users\ERBM\AppData\Local\AVG Secure Search d------ [22:18 02/03/2013]
C:\_OTM\MovedFiles\03232013_073225\C_Users\Kimmy\AppData\Local\AVG Secure Search d------ [07:25 20/03/2013]

========== reg ==========

[avg]
Hive unrecognized.

-= EOF =-


----------



## Mark1956 (May 7, 2011)

Ok, this should finish the job with the Adware. Run OTM just as in post 76 and use this script in the code box below.


```
:Processes 
explorer.exe 
:Files
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Users\ERBM\AppData\Local\AVG Secure Search
C:\Users\Kimmy\AppData\Local\AVG Secure Search
C:\Users\Kimmy\AppData\LocalLow\AVG SafeGuard toolbar
:Commands 
[createrestorepoint] 
[emptyflash] 
[emptytemp] 
[resethosts] 
[reboot]
```
When done post the log produced and then run ADWCleaner (hopefully for the last time) and post the log from that.

Please then run the system for a while and see if the slow performance and the random Notepad pop-up are still occurring.


----------
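The step from the SystemLook results to the four paths in the OTM `:Files` list above can be reproduced mechanically. The following is an added example, not part of the thread or of SystemLook/OTM: it parses an excerpt of the log, sets aside hits that already sit in the `C:\_OTL` / `C:\_OTM` quarantine trees, ignores coincidental `*avg*` matches, and reduces the rest to their top-level product folders. The line format is inferred from the log lines in this thread; `PRODUCT_NAMES`, `QUARANTINE_DIRS` and the function names are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the SystemLook log in this thread (filefind, then folderfind).
SYSTEMLOOK_EXCERPT = r"""
========== filefind ==========
C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll --a---- 1929392 bytes [00:39 01/03/2013] [00:39 01/03/2013] 229F0412FE86BE4B07674AB96D49ECD5
C:\Users\Kimmy\AppData\Local\Google\Picasa2\db3\imagedata_avgcolor.pmp --a---- 7924 bytes [14:51 29/07/2012] [14:54 29/07/2012] F26A38A62DA88F1B41276565381B615D
C:\_OTL\MovedFiles\03102013_132030\C_Windows\SysNative\drivers\avgtpx64.sys --a---- 39768 bytes [00:39 01/03/2013] [00:39 01/03/2013] 90CF04574CF47B19EE5B2FE41BA52B32
========== folderfind ==========
C:\Program Files (x86)\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\Users\ERBM\AppData\Local\AVG Secure Search d------ [18:26 23/03/2013]
C:\Users\Kimmy\AppData\Local\AVG Secure Search d------ [21:15 25/03/2013]
C:\Users\Kimmy\AppData\LocalLow\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\_OTL\MovedFiles\03102013_132030\C_ProgramData\AVG SafeGuard toolbar d------ [00:39 01/03/2013]
C:\_OTM\MovedFiles\03232013_073225\C_Users\Kimmy\AppData\Local\AVG Secure Search d------ [07:25 20/03/2013]
"""

# Assumption: product folder names as they appear in the log above.
PRODUCT_NAMES = ("AVG Secure Search", "AVG SafeGuard toolbar")
# Assumption: top-level folders where OTL/OTM keep moved files, per the paths in the log.
QUARANTINE_DIRS = ("_OTL", "_OTM")

# "<path> <7 attribute chars> [<size> bytes] [time date] ..." (format inferred from the log).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?:(?P<size>\d+) bytes )?\["
)
_NAMES_LOWER = tuple(name.lower() for name in PRODUCT_NAMES)


def parse_hits(log_text):
    """Return every file/folder path found in the SystemLook result lines."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            hits.append(PureWindowsPath(match.group("path")))
    return hits


def product_root(path):
    """Return the path up to the first component named after a product, or None."""
    parts = path.parts
    for index, part in enumerate(parts[1:], start=1):
        if part.lower().startswith(_NAMES_LOWER):
            return PureWindowsPath(*parts[: index + 1])
    return None


def triage(log_text):
    """Split hits into live product folders, quarantined copies and unrelated matches."""
    result = {"live_roots": [], "quarantined": [], "unrelated": []}
    for path in parse_hits(log_text):
        # Copies already moved by OTL/OTM are inert; listing them again is pointless.
        if len(path.parts) > 1 and path.parts[1].upper() in QUARANTINE_DIRS:
            result["quarantined"].append(str(path))
            continue
        root = product_root(path)
        if root is None:
            # "*avg*" also matches names such as imagedata_avgcolor.pmp.
            result["unrelated"].append(str(path))
        elif str(root) not in result["live_roots"]:
            result["live_roots"].append(str(root))
    return result


if __name__ == "__main__":
    report = triage(SYSTEMLOOK_EXCERPT)
    print(":Files")
    for folder in report["live_roots"]:
        print(folder)
    print(f"# skipped: {len(report['quarantined'])} quarantined, "
          f"{len(report['unrelated'])} unrelated")
```

Run on the excerpt, the `live_roots` list comes out as the same four folders, in the same order, as the `:Files` section of the script in the post above.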



## kbmccarthy (Sep 12, 2010)

Here are the OTM and ADWcleaner logs. Let me know if everything is as it should be, and I will proceed and get back to you next weekend for an update.

OTM log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Licenses folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1 folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar folder moved successfully.
C:\Users\ERBM\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\ERBM\AppData\Local\AVG Secure Search folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\Kimmy\AppData\Local\AVG Secure Search folder moved successfully.
C:\Users\Kimmy\AppData\LocalLow\AVG SafeGuard toolbar\cache folder moved successfully.
C:\Users\Kimmy\AppData\LocalLow\AVG SafeGuard toolbar folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: cantstandyou

User: Default

User: Default User

User: ERBM
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kimmy
->Flash cache emptied: 1393 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: cantstandyou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ERBM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimmy
->Temp folder emptied: 1100922 bytes
->Temporary Internet Files folder emptied: 95182 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 175118190 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30150 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 162 bytes

Total Files Cleaned = 168.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 03262013_121557

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Adwcleaner log

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 12:24:02
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Kimmy - COMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S10].txt - [1039 octets] - [26/03/2013 12:24:02]
AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 23:01:26]
AdwCleaner[S2].txt - [5829 octets] - [01/03/2013 10:58:17]
AdwCleaner[S3].txt - [2718 octets] - [02/03/2013 01:44:34]
AdwCleaner[S4].txt - [2872 octets] - [10/03/2013 14:49:51]
AdwCleaner[S5].txt - [2142 octets] - [15/03/2013 09:46:37]
AdwCleaner[S6].txt - [2202 octets] - [16/03/2013 16:23:16]
AdwCleaner[S7].txt - [11382 octets] - [20/03/2013 02:22:08]
AdwCleaner[S8].txt - [14609 octets] - [23/03/2013 18:43:38]
AdwCleaner[S9].txt - [1786 octets] - [25/03/2013 16:12:17]

########## EOF - C:\AdwCleaner[S10].txt - [1643 octets] ##########


----------



## Mark1956 (May 7, 2011)

We finally have a clean log. I shall wait to hear from you.


----------



## kbmccarthy (Sep 12, 2010)

When I restarted my computer this came up. I don't know what it is or if a button was pushed accidentally to cause it to run. Otherwise everything else is doing fine, although I still have the unexplained untitled notepad.

Charter Email 
  
 
 [TR] [TD] [URL=javascript:'']javascript:''
[/TD] [TD]
 [/TD] [/TR] [TR] [TD] 
[URL=[URL=]Contact Us


 Charter.com© 2011 Charter Communications

[/TD] [/TR]


----------



## kbmccarthy (Sep 12, 2010)

Don't know if related, but PayPal will not connect to let me sign in.


----------



## Mark1956 (May 7, 2011)

The page you posted above looks like the code for a web page, so unless it appears again it should not be anything to worry about; as you said, you probably hit something by mistake.

So all we have to deal with is the Notepad popping up and now PayPal will not connect.

OTM reset the hosts file so I doubt there will be an entry in there that is blocking PayPal, but we shall run this scan below to check the internet settings and a few other items.

Please describe what happens with Notepad so I get a clear picture of what you are seeing.

Please download *Farbar Service Scanner* and run it on the computer with the issue.


Put a check mark in all the boxes.
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log into your reply.


----------



## kbmccarthy (Sep 12, 2010)

I am sorry I haven't posted your last requests, I am studying for another anatomy test. It will be after the 10th before I will be able to focus on anything else. Sorry for the inconvenience.


----------



## Mark1956 (May 7, 2011)

No problem at all, just post when you have the time.


----------



## kbmccarthy (Sep 12, 2010)

I have not been able to determine a pattern to the random untitled notepad. It occurs whether I am on the internet or not. Performance still seems a little slow, but not unbearable. If we are coming to an end of this journey, what do I do with the programs I have downloaded during this process and what programs and settings do I need to prevent this from happening in the future?

Farbar Service Scanner Version: 03-03-2013
Ran by Kimmy (administrator) on 07-04-2013 at 04:06:28
Running from "C:\Users\Kimmy\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2011-02-18 17:58] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-06-18 12:46] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-18 18:02] - [2013-01-04 06:31] - 1417576 ____A (Microsoft Corporation) 2860D16C5021F72130212DDB1C53018F

C:\Windows\System32\dnsrslvr.dll
[2011-04-17 14:41] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2011-02-18 17:58] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2011-02-18 17:57] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2011-02-18 17:59] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2011-02-18 17:57] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2011-02-18 17:58] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2011-02-18 17:59] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2011-02-18 17:59] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 16:42] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-02-18 17:59] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****


----------



## Mark1956 (May 7, 2011)

The scan above found no problems. All the tools used will be removed when we have finished; specific instructions are required to uninstall Combofix, so don't remove it manually.

I believe most of your problems were due to Adware; we have yet to find out about the Notepad anomaly. Keeping ADWCleaner should keep most Adware items off your system; many of them get installed with other software without you noticing.

There was one entry missed by an earlier scan using OTM to remove a bunch of files; it was caused by a space being inserted due to a format issue on this site.

Please run OTM and use this script to delete it:

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of it and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\searchplugins\startnow.xml 
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles 

=================================================================

Please run this tool and post the log.

1. Download Malwarebytes Anti-Rootkit from this link Mbar
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run *mbar.exe*

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the *"Cleanup Button"* to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click *"Cleanup Button"* once more and repeat the process.
12. If no threats were found you will see the following image, Select *Exit*:

13. Verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or *other system* issues, then run the *'fixdamage'* tool included within Malwarebytes Anti-Rootkit folder.

15. The following Window will open, Select *"Y"* from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the *mbar* folder:

*System - log*
*Mbar - log* Date and time of scan will also be shown


----------



## kbmccarthy (Sep 12, 2010)

Don't know if this is related to anything we have done, but I have .docx and temp files showing up under documents that have names starting with ~ and I cannot open them.

Here are the logs

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4192485376, free: 2267000832

------------ Kernel report ------------
04/08/2013 19:19:11
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004e9e790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004c6d050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.08.09
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004e9e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e9e210, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e9e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004e99b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004c6d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff880120efab0, 0xfffffa8004e9e790, 0xfffffa80066a1080
Lower DeviceData: 0xfffff8800ed5fe00, 0xfffffa8004c6d050, 0xfffffa800663b580
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7784295B

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 598982593
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 598982656 Numsec = 26152960

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


----------



## Mark1956 (May 7, 2011)

That scan has come up clean. The temp files you see starting with ~ are just temp files and should disappear on reboot. I see them on my own system from time to time and they are nothing to worry about.

Please now run the system file checker.


Click on *Start* and type *cmd* in the search box. Right-click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open. At the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /)
Let the check run to completion. *DO NOT* reboot the PC or close the *cmd* window.
Copy & Paste the following command at the Command Prompt and press Enter:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*


This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Copy the file and Paste it into your next post.
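
One way to triage the resulting *sfcdetails.txt*, as an added example that is not part of the original post: this Python script groups the `[SR]` lines into files repaired from the component store and files SFC could not repair. The function names are hypothetical, and the embedded sample lines follow the `[SR]` format of the log posted in this thread.

```python
import re

# Sample input embedded for offline use; the lines follow the "[SR]" format
# that the findstr command extracts from CBS.log.
SAMPLE = r'''
2013-04-16 16:14:41, Info CSI 00000131 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:41, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:53, Info CSI 00000134 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:14:58, Info CSI 0000013b [SR] Verify complete
2013-04-16 16:18:16, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:16, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:27, Info CSI 00000193 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000195 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000196 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:18:34, Info CSI 00000198 [SR] Verify complete
'''

# timestamp, level, CSI sequence number, then the [SR] message text
LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(\w+)\s+CSI\s+'
    r'([0-9a-fA-F]{8})\s+\[SR\]\s+(.*)$')
VERIFYING = re.compile(r'^Verifying (\d+) \(0x[0-9a-fA-F]+\) components')
REPAIRED = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"([^"]*)"\\\[[^\]]*\]"([^"]*)" from store')
CANNOT = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"([^"]*)" of ([^,]+), '
    r'Version = ([^,]+), pA = (\w+)')
REFERENCED = re.compile(r'^This component was referenced by \[[^\]]*\]"([^"]*)"')


def summarize_sfc(text):
    """Group [SR] lines into repaired files, unrepaired files and totals."""
    summary = {"components": 0, "batches": 0,
               "repaired": {}, "unrepaired": {}, "unparsed": []}
    last_unrepaired = None  # entry that a following "referenced by" belongs to
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        line = LINE.match(raw)
        if not line:
            summary["unparsed"].append(raw)
            continue
        msg = line.group(4)

        m = VERIFYING.match(msg)
        if m:
            summary["components"] += int(m.group(1))
            continue
        if msg.startswith("Beginning Verify and Repair transaction"):
            continue
        if msg.startswith("Verify complete"):
            summary["batches"] += 1
            last_unrepaired = None
            continue

        m = REPAIRED.match(msg)
        if m:
            directory, name = m.groups()
            if directory.startswith("\\??\\"):  # drop the NT object prefix
                directory = directory[4:]
            path = directory + "\\" + name
            # SFC logs the same repair more than once; count occurrences.
            summary["repaired"][path] = summary["repaired"].get(path, 0) + 1
            continue

        m = CANNOT.match(msg)
        if m:
            name, component, version, arch = m.groups()
            key = (component, name, arch)
            entry = summary["unrepaired"].setdefault(
                key, {"version": version, "count": 0, "packages": [],
                      "reason": msg.rsplit(", ", 1)[-1]})
            entry["count"] += 1
            last_unrepaired = entry
            continue

        m = REFERENCED.match(msg)
        if m and last_unrepaired is not None:
            if m.group(1) not in last_unrepaired["packages"]:
                last_unrepaired["packages"].append(m.group(1))
            continue

        summary["unparsed"].append(raw)  # never drop an unknown line silently
    return summary


def needs_follow_up(summary):
    """True when SFC reported at least one file it could not repair."""
    return bool(summary["unrepaired"])


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE)
    print("components verified:", result["components"])
    for path, count in result["repaired"].items():
        print("repaired from store:", path, f"(logged {count}x)")
    for (component, name, arch), info in result["unrepaired"].items():
        print("NOT repaired:", name, "of", component, arch, "-", info["reason"])
```

Files listed as repaired were restored from the component store; entries under `unrepaired` are the ones to raise in the thread.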


----------



## kbmccarthy (Sep 12, 2010)

Made a 97 on the test. Haven't had any trouble. Here is the log:

2013-04-16 16:09:46, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:46, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2013-04-16 16:09:48, Info CSI 00000009 [SR] Verify complete
2013-04-16 16:09:48, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:48, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2013-04-16 16:09:50, Info CSI 0000000d [SR] Verify complete
2013-04-16 16:09:50, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:50, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2013-04-16 16:09:52, Info CSI 00000011 [SR] Verify complete
2013-04-16 16:09:52, Info CSI 00000012 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:52, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2013-04-16 16:09:54, Info CSI 00000015 [SR] Verify complete
2013-04-16 16:09:54, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:54, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2013-04-16 16:09:58, Info CSI 00000019 [SR] Verify complete
2013-04-16 16:09:58, Info CSI 0000001a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:09:58, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:00, Info CSI 0000001d [SR] Verify complete
2013-04-16 16:10:00, Info CSI 0000001e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:00, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:02, Info CSI 00000021 [SR] Verify complete
2013-04-16 16:10:02, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:02, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:04, Info CSI 00000025 [SR] Verify complete
2013-04-16 16:10:05, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:05, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:06, Info CSI 00000029 [SR] Verify complete
2013-04-16 16:10:07, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:07, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:08, Info CSI 0000002d [SR] Verify complete
2013-04-16 16:10:09, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:09, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:11, Info CSI 00000031 [SR] Verify complete
2013-04-16 16:10:11, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:11, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:13, Info CSI 00000035 [SR] Verify complete
2013-04-16 16:10:13, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:13, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:15, Info CSI 00000039 [SR] Verify complete
2013-04-16 16:10:15, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:15, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:17, Info CSI 0000003d [SR] Verify complete
2013-04-16 16:10:17, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:17, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:19, Info CSI 00000041 [SR] Verify complete
2013-04-16 16:10:20, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:20, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:21, Info CSI 00000045 [SR] Verify complete
2013-04-16 16:10:22, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:22, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:24, Info CSI 00000049 [SR] Verify complete
2013-04-16 16:10:24, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:24, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:26, Info CSI 0000004d [SR] Verify complete
2013-04-16 16:10:26, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:26, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:28, Info CSI 00000051 [SR] Verify complete
2013-04-16 16:10:28, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:28, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:31, Info CSI 00000055 [SR] Verify complete
2013-04-16 16:10:31, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:31, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:36, Info CSI 00000059 [SR] Verify complete
2013-04-16 16:10:36, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:36, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:38, Info CSI 0000005d [SR] Verify complete
2013-04-16 16:10:39, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:39, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:42, Info CSI 00000061 [SR] Verify complete
2013-04-16 16:10:42, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:42, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:44, Info CSI 00000065 [SR] Verify complete
2013-04-16 16:10:44, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:44, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:46, Info CSI 00000069 [SR] Verify complete
2013-04-16 16:10:47, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:47, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:48, Info CSI 0000006d [SR] Verify complete
2013-04-16 16:10:49, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:49, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:51, Info CSI 00000071 [SR] Verify complete
2013-04-16 16:10:52, Info CSI 00000072 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:52, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:54, Info CSI 00000075 [SR] Verify complete
2013-04-16 16:10:55, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:55, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:57, Info CSI 00000079 [SR] Verify complete
2013-04-16 16:10:57, Info CSI 0000007a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:10:57, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2013-04-16 16:10:59, Info CSI 0000007d [SR] Verify complete
2013-04-16 16:11:00, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:00, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:01, Info CSI 00000081 [SR] Verify complete
2013-04-16 16:11:02, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:02, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:04, Info CSI 00000085 [SR] Verify complete
2013-04-16 16:11:05, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:05, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:10, Info CSI 00000089 [SR] Verify complete
2013-04-16 16:11:11, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:11, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:16, Info CSI 0000008f [SR] Verify complete
2013-04-16 16:11:16, Info CSI 00000090 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:16, Info CSI 00000091 [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:25, Info CSI 00000094 [SR] Verify complete
2013-04-16 16:11:26, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:26, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:32, Info CSI 0000009a [SR] Verify complete
2013-04-16 16:11:33, Info CSI 0000009b [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:33, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:41, Info CSI 0000009e [SR] Verify complete
2013-04-16 16:11:41, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:41, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2013-04-16 16:11:57, Info CSI 000000c2 [SR] Verify complete
2013-04-16 16:11:57, Info CSI 000000c3 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:11:57, Info CSI 000000c4 [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:04, Info CSI 000000c9 [SR] Verify complete
2013-04-16 16:12:05, Info CSI 000000ca [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:05, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:13, Info CSI 000000cd [SR] Verify complete
2013-04-16 16:12:14, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:14, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:20, Info CSI 000000d1 [SR] Verify complete
2013-04-16 16:12:21, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:21, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:31, Info CSI 000000d5 [SR] Verify complete
2013-04-16 16:12:31, Info CSI 000000d6 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:31, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:46, Info CSI 000000d9 [SR] Verify complete
2013-04-16 16:12:46, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:46, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2013-04-16 16:12:59, Info CSI 000000f3 [SR] Verify complete
2013-04-16 16:12:59, Info CSI 000000f4 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:12:59, Info CSI 000000f5 [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:18, Info CSI 000000f7 [SR] Verify complete
2013-04-16 16:13:19, Info CSI 000000f8 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:19, Info CSI 000000f9 [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:39, Info CSI 000000fb [SR] Verify complete
2013-04-16 16:13:39, Info CSI 000000fc [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:39, Info CSI 000000fd [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:46, Info CSI 000000ff [SR] Verify complete
2013-04-16 16:13:47, Info CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:47, Info CSI 00000101 [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:50, Info CSI 00000103 [SR] Verify complete
2013-04-16 16:13:51, Info CSI 00000104 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:51, Info CSI 00000105 [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:53, Info CSI 00000107 [SR] Verify complete
2013-04-16 16:13:54, Info CSI 00000108 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:54, Info CSI 00000109 [SR] Beginning Verify and Repair transaction
2013-04-16 16:13:57, Info CSI 0000010b [SR] Verify complete
2013-04-16 16:13:58, Info CSI 0000010c [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:13:58, Info CSI 0000010d [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:19, Info CSI 00000120 [SR] Verify complete
2013-04-16 16:14:19, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:19, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:21, Info CSI 00000124 [SR] Verify complete
2013-04-16 16:14:22, Info CSI 00000125 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:22, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:27, Info CSI 00000128 [SR] Verify complete
2013-04-16 16:14:27, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:27, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:30, Info CSI 0000012c [SR] Verify complete
2013-04-16 16:14:31, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:31, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:40, Info CSI 00000130 [SR] Verify complete
2013-04-16 16:14:41, Info CSI 00000131 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:41, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2013-04-16 16:14:53, Info CSI 00000134 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:14:55, Info CSI 00000138 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:14:58, Info CSI 0000013b [SR] Verify complete
2013-04-16 16:14:59, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:14:59, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2013-04-16 16:15:02, Info CSI 0000013f [SR] Verify complete
2013-04-16 16:15:03, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:15:03, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2013-04-16 16:15:11, Info CSI 00000143 [SR] Verify complete
2013-04-16 16:15:12, Info CSI 00000144 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:15:12, Info CSI 00000145 [SR] Beginning Verify and Repair transaction
2013-04-16 16:15:19, Info CSI 00000147 [SR] Verify complete
2013-04-16 16:15:19, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:15:19, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2013-04-16 16:15:30, Info CSI 0000014b [SR] Verify complete
2013-04-16 16:15:30, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:15:30, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2013-04-16 16:15:48, Info CSI 00000165 [SR] Verify complete
2013-04-16 16:15:48, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:15:48, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2013-04-16 16:16:05, Info CSI 00000169 [SR] Verify complete
2013-04-16 16:16:05, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:16:05, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2013-04-16 16:16:37, Info CSI 0000016d [SR] Verify complete
2013-04-16 16:16:38, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:16:38, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2013-04-16 16:16:55, Info CSI 00000171 [SR] Verify complete
2013-04-16 16:16:56, Info CSI 00000172 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:16:56, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2013-04-16 16:17:08, Info CSI 00000175 [SR] Verify complete
2013-04-16 16:17:09, Info CSI 00000176 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:17:09, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2013-04-16 16:17:17, Info CSI 00000179 [SR] Verify complete
2013-04-16 16:17:17, Info CSI 0000017a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:17:17, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2013-04-16 16:17:25, Info CSI 0000017d [SR] Verify complete
2013-04-16 16:17:26, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:17:26, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2013-04-16 16:17:33, Info CSI 00000183 [SR] Verify complete
2013-04-16 16:17:33, Info CSI 00000184 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:17:33, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2013-04-16 16:17:54, Info CSI 00000187 [SR] Verify complete
2013-04-16 16:17:55, Info CSI 00000188 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:17:55, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:07, Info CSI 0000018b [SR] Verify complete
2013-04-16 16:18:08, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:08, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:16, Info CSI 0000018f [SR] Verify complete
2013-04-16 16:18:16, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:16, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:27, Info CSI 00000193 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000195 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000196 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:18:34, Info CSI 00000198 [SR] Verify complete
2013-04-16 16:18:35, Info CSI 00000199 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:35, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:46, Info CSI 0000019c [SR] Verify complete
2013-04-16 16:18:46, Info CSI 0000019d [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:46, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2013-04-16 16:18:59, Info CSI 000001a0 [SR] Verify complete
2013-04-16 16:18:59, Info CSI 000001a1 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:18:59, Info CSI 000001a2 [SR] Beginning Verify and Repair transaction
2013-04-16 16:19:16, Info CSI 000001a5 [SR] Verify complete
2013-04-16 16:19:17, Info CSI 000001a6 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:19:17, Info CSI 000001a7 [SR] Beginning Verify and Repair transaction
2013-04-16 16:19:27, Info CSI 000001a9 [SR] Verify complete
2013-04-16 16:19:27, Info CSI 000001aa [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:19:27, Info CSI 000001ab [SR] Beginning Verify and Repair transaction
2013-04-16 16:19:34, Info CSI 000001ad [SR] Verify complete
2013-04-16 16:19:34, Info CSI 000001ae [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:19:34, Info CSI 000001af [SR] Beginning Verify and Repair transaction
2013-04-16 16:19:42, Info CSI 000001b2 [SR] Verify complete
2013-04-16 16:19:42, Info CSI 000001b3 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:19:42, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2013-04-16 16:19:52, Info CSI 000001b7 [SR] Verify complete
2013-04-16 16:19:53, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:19:53, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:07, Info CSI 000001e0 [SR] Verify complete
2013-04-16 16:20:07, Info CSI 000001e1 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:07, Info CSI 000001e2 [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:14, Info CSI 000001e4 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:20:14, Info CSI 000001e6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:20:15, Info CSI 000001ea [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:20:15, Info CSI 000001ec [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:20:18, Info CSI 000001f1 [SR] Verify complete
2013-04-16 16:20:19, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:19, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:32, Info CSI 000001f5 [SR] Verify complete
2013-04-16 16:20:32, Info CSI 000001f6 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:32, Info CSI 000001f7 [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:40, Info CSI 000001f9 [SR] Verify complete
2013-04-16 16:20:41, Info CSI 000001fa [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:41, Info CSI 000001fb [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:44, Info CSI 000001fd [SR] Verify complete
2013-04-16 16:20:45, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:45, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2013-04-16 16:20:54, Info CSI 00000201 [SR] Verify complete
2013-04-16 16:20:55, Info CSI 00000202 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:20:55, Info CSI 00000203 [SR] Beginning Verify and Repair transaction
2013-04-16 16:21:03, Info CSI 00000205 [SR] Verify complete
2013-04-16 16:21:03, Info CSI 00000206 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:21:03, Info CSI 00000207 [SR] Beginning Verify and Repair transaction
2013-04-16 16:21:13, Info CSI 00000209 [SR] Verify complete
2013-04-16 16:21:14, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:21:14, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2013-04-16 16:21:35, Info CSI 0000020d [SR] Verify complete
2013-04-16 16:21:35, Info CSI 0000020e [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:21:35, Info CSI 0000020f [SR] Beginning Verify and Repair transaction
2013-04-16 16:21:40, Info CSI 00000211 [SR] Verify complete
2013-04-16 16:21:41, Info CSI 00000212 [SR] Verifying 100 (0x0000000000000064) components
2013-04-16 16:21:41, Info CSI 00000213 [SR] Beginning Verify and Repair transaction
2013-04-16 16:23:06, Info CSI 00000247 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:23:20, Info CSI 0000024c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:23:20, Info CSI 0000024d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:34, Info CSI 00000356 [SR] Verifying 5 components
2013-04-16 16:29:34, Info CSI 00000357 [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:34, Info CSI 00000359 [SR] Verify complete
2013-04-16 16:29:34, Info CSI 0000035a [SR] Repairing 6 components
2013-04-16 16:29:34, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:34, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:35, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:35, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:35, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:35, Info CSI 0000036d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000036e [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:36, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:36, Info CSI 00000372 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:36, Info CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:29:36, Info CSI 00000379 [SR] Repair complete
2013-04-16 16:29:36, Info CSI 0000037a [SR] Committing transaction
2013-04-16 16:29:36, Info CSI 0000037b [SR] Cannot commit interactively, there are boot critical components being repaired
2013-04-16 16:29:36, Info CSI 0000037c [SR] Repairing 6 components
2013-04-16 16:29:36, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:36, Info CSI 0000037f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:36, Info CSI 00000381 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000383 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:37, Info CSI 00000386 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000387 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:37, Info CSI 00000389 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:37, Info CSI 0000038b [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:37, Info CSI 0000038f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000390 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:37, Info CSI 00000392 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:37, Info CSI 00000394 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:38, Info CSI 00000398 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:29:38, Info CSI 0000039b [SR] Repair complete


----------



## Mark1956 (May 7, 2011)

The System File Checker has done some repairs but one file it was unable to fix. Please run the scan again and post the new log.

Is the system running any better?

Please also run this scan:

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (64-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:filefind
settings.ini
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------
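An added example, not part of any post in this thread: a small Python parser that reduces the `[SR]` lines of an SFC log like the one above to the files that were repaired from the store and the files that could not be repaired. The function names are hypothetical, and the regular expressions assume only the line shapes visible in this thread's log; the sample lines are excerpted from it.

```python
import re
from collections import Counter

# Lines excerpted from the SFC log posted in this thread. The first one keeps the
# doubled space seen in the paste, to show the parser tolerates it.
SAMPLE_LOG = r'''
2013-04-16 16:28:59, Info  CSI 00000345 [SR] Verify complete
2013-04-16 16:29:34, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:35, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:35, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:35, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:36, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:36, Info CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:29:36, Info CSI 00000379 [SR] Repair complete
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]", message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*\S)\s*$'
)
# File name, owning component, processor architecture, and the reason after the last comma.
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
    r'.*?pA = (?P<arch>\w+) \(\d+\).*,\s*(?P<reason>[^,]+)$'
)
# Directory (after the \??\ prefix) and file name of a file restored from the store.
REPAIRING = re.compile(
    r'^Repairing corrupted file \[ml:\d+\{\d+\},l:\d+\{\d+\}\]"\\\?\?\\(?P<dir>[^"]+)"'
    r'\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" from store$'
)


def parse_sr(text):
    """Yield (timestamp, sequence number, message) for each [SR] line; skip the rest."""
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            yield m.group("ts"), int(m.group("seq"), 16), m.group("msg")


def summarize(text):
    """Count repeated entries so each finding is reported once, with its hit count."""
    unrepaired = Counter()  # (file, component, arch, reason) -> occurrences
    repaired = Counter()    # lower-cased full path -> occurrences
    for _ts, _seq, msg in parse_sr(text):
        m = CANNOT_REPAIR.match(msg)
        if m:
            unrepaired[(m["file"], m["component"], m["arch"], m["reason"])] += 1
            continue
        m = REPAIRING.match(msg)
        if m:
            # Windows paths are case-insensitive, so fold case before de-duplicating.
            repaired[(m["dir"] + "\\" + m["file"]).lower()] += 1
    return {
        "unrepaired": unrepaired,
        "repaired": repaired,
        "unrepaired_files": sorted({key[0] for key in unrepaired}),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Could not repair:")
    for (name, component, arch, reason), hits in result["unrepaired"].items():
        print(f"  {name} ({component}, {arch}): {reason} [{hits}x]")
    print("Repaired from store:")
    for path, hits in result["repaired"].items():
        print(f"  {path} [{hits}x]")
```

Grouping by file name shows why repeated "Cannot repair" lines reduce to a single file: the same `settings.ini` is reported once per processor architecture and again on each repair pass.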



## kbmccarthy (Sep 12, 2010)

Everything running well.

System file checker log
2013-04-16 16:14:53, Info CSI 00000134 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:14:55, Info CSI 00000138 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:18:27, Info CSI 00000193 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000195 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:18:32, Info CSI 00000196 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:20:14, Info CSI 000001e4 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:20:14, Info CSI 000001e6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:20:15, Info CSI 000001ea [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:20:15, Info CSI 000001ec [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:23:06, Info CSI 00000247 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:23:20, Info CSI 0000024c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:23:20, Info CSI 0000024d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:34, Info CSI 0000035a [SR] Repairing 6 components
2013-04-16 16:29:34, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:34, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:35, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:35, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:35, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:35, Info CSI 0000036d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000036e [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:36, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:36, Info CSI 00000372 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:36, Info CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:29:36, Info CSI 00000379 [SR] Repair complete
2013-04-16 16:29:36, Info CSI 0000037a [SR] Committing transaction
2013-04-16 16:29:36, Info CSI 0000037b [SR] Cannot commit interactively, there are boot critical components being repaired
2013-04-16 16:29:36, Info CSI 0000037c [SR] Repairing 6 components
2013-04-16 16:29:36, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:36, Info CSI 0000037f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:36, Info CSI 00000381 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000383 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:37, Info CSI 00000386 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000387 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:37, Info CSI 00000389 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:37, Info CSI 0000038b [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:37, Info CSI 0000038f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:37, Info CSI 00000390 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:37, Info CSI 00000392 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:37, Info CSI 00000394 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:38, Info CSI 00000398 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-16 16:29:38, Info CSI 0000039b [SR] Repair complete

System Look log
SystemLook 04.09.10 by jpshortstuff
Log created at 06:49 on 30/04/2013 by Kimmy
Administrator - Elevation successful

========== filefind ==========

Searching for "settings.ini"
C:\Program Files\Windows Sidebar\settings.ini --a---- 1108 bytes [02:47 21/01/2008] [09:06 24/02/2011] 0C16BAA342C37B4C79290B65873D0B29
C:\Program Files (x86)\Windows Sidebar\settings.ini --a---- 1060 bytes [02:47 21/01/2008] [09:06 24/02/2011] 58F3012453552F2AF1919DEE1A951CAA
C:\Users\cantstandyou\AppData\Local\Microsoft\Windows Sidebar\Settings.ini --a---- 1552 bytes [20:39 26/11/2009] [20:39 26/11/2009] B29EECF31BCCBB03C0394AF358C079F7
C:\Users\ERBM\AppData\Local\Microsoft\Windows Calendar\Settings\Settings.ini --a---- 192 bytes [05:27 06/02/2010] [05:27 06/02/2010] 685EA79EBDF9A0EF270CAFCB429AD76A
C:\Users\ERBM\AppData\Local\Microsoft\Windows Sidebar\Settings.ini --a---- 3738 bytes [19:55 07/11/2009] [17:20 30/03/2013] 17BC8FF23B698A0311C5D03223CF7DE2
C:\Users\Guest\AppData\Local\Microsoft\Windows Sidebar\Settings.ini --a---- 1552 bytes [05:59 22/01/2010] [05:59 22/01/2010] B29EECF31BCCBB03C0394AF358C079F7
C:\Users\Kimmy\AppData\Local\Microsoft\Windows Calendar\Settings\Settings.ini --a---- 197 bytes [01:39 14/01/2013] [01:39 14/01/2013] 802429810E4EC6697835F55097AA4658
C:\Users\Kimmy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini --a---- 2496 bytes [18:32 22/11/2009] [17:33 23/08/2011] 1B9322A9EFE6F078D81E346486AB3BEE
C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_2afb4740df058c0c\settings.ini --a---- 1108 bytes [02:47 21/01/2008] [19:50 07/11/2009] 0C16BAA342C37B4C79290B65873D0B29
C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini --a---- 1108 bytes [02:47 21/01/2008] [19:50 07/11/2009] 0C16BAA342C37B4C79290B65873D0B29
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_354ff19313664e07\settings.ini --a---- 1060 bytes [02:47 21/01/2008] [19:50 07/11/2009] 58F3012453552F2AF1919DEE1A951CAA
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_373b6a9f10881953\settings.ini --a---- 1060 bytes [02:47 21/01/2008] [19:50 07/11/2009] 58F3012453552F2AF1919DEE1A951CAA
C:\_OTM\MovedFiles\03092013_102757\C_ProgramData\Search-NewTab\settings.ini --a---- 7280 bytes [15:37 29/01/2013] [16:01 29/01/2013] B7A5C0A38D3EBE7572BB81D15C78B29B

-= EOF =-


----------



## Mark1956 (May 7, 2011)

The SFC log you posted above is the same one you posted before; please run it again and post the new log.

As far as I can see from some research, the SFC detection that the settings.ini file is corrupt is a known bug in Vista. The file is altered by various factors and hence cannot be recognized correctly by the File Checker, so it is nothing to worry about. However, I would like to see an up-to-date log just to check everything is now OK.

Are there any remaining problems? Has the Notepad issue stopped?


----------
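A triage helper for the two logs in this exchange, as an added example that is not part of either poster's message: it collapses the repeated `[SR]` entries of an SFC log into unique repaired and unrepairable files, then checks which `settings.ini` copies in the SystemLook listing share an MD5 with a WinSxS copy of the same name. The sample lines are copied from the logs posted in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the SFC ([SR]) log posted in this thread.
SFC_SAMPLE = r"""
2013-04-16 16:29:34, Info CSI 0000035a [SR] Repairing 6 components
2013-04-16 16:29:34, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2013-04-16 16:29:34, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-16 16:29:35, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-16 16:29:35, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-16 16:29:35, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-16 16:29:35, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-16 16:29:36, Info CSI 00000379 [SR] Repair complete
"""

# Lines copied from the SystemLook filefind output posted in this thread.
SYSTEMLOOK_SAMPLE = r"""
C:\Program Files\Windows Sidebar\settings.ini --a---- 1108 bytes [02:47 21/01/2008] [09:06 24/02/2011] 0C16BAA342C37B4C79290B65873D0B29
C:\Program Files (x86)\Windows Sidebar\settings.ini --a---- 1060 bytes [02:47 21/01/2008] [09:06 24/02/2011] 58F3012453552F2AF1919DEE1A951CAA
C:\Users\Guest\AppData\Local\Microsoft\Windows Sidebar\Settings.ini --a---- 1552 bytes [05:59 22/01/2010] [05:59 22/01/2010] B29EECF31BCCBB03C0394AF358C079F7
C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini --a---- 1108 bytes [02:47 21/01/2008] [19:50 07/11/2009] 0C16BAA342C37B4C79290B65873D0B29
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_373b6a9f10881953\settings.ini --a---- 1060 bytes [02:47 21/01/2008] [19:50 07/11/2009] 58F3012453552F2AF1919DEE1A951CAA
C:\_OTM\MovedFiles\03092013_102757\C_ProgramData\Search-NewTab\settings.ini --a---- 7280 bytes [15:37 29/01/2013] [16:01 29/01/2013] B7A5C0A38D3EBE7572BB81D15C78B29B
"""

# timestamp, CSI sequence number, message of every [SR] line
SR_LINE = re.compile(r'^(\S+ \S+), Info\s+CSI\s+([0-9a-f]{8}) \[SR\] (.*)$', re.M)
# "Repairing corrupted file [..]"\??\<dir>"\[..]"<file>" from store"
REPAIRED = re.compile(
    r'Repairing corrupted file \[[^\]]*\]"\\\?\?\\([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')
# "Cannot repair member file [..]"<file>" of <component>, Version = <v>, pA = <arch> ..."
UNREPAIRABLE = re.compile(
    r'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), Version = ([^,]+), pA = (\w+)')
# path, attributes, size, two bracketed timestamps, MD5
SL_LINE = re.compile(r'^(.+?) \S+ (\d+) bytes \[[^\]]+\] \[[^\]]+\] ([0-9A-F]{32})$', re.M)


def summarize_sfc(text):
    """Collapse repeated [SR] entries into counts per repaired / unrepairable file."""
    repaired, unrepairable = Counter(), Counter()
    for _ts, _seq, msg in SR_LINE.findall(text):
        m = REPAIRED.search(msg)
        if m:
            repaired[m.group(1) + "\\" + m.group(2)] += 1
            continue
        m = UNREPAIRABLE.search(msg)
        if m:
            reason = msg.rsplit(", ", 1)[-1]  # trailing clause, e.g. "hash mismatch"
            unrepairable[(m.group(2), m.group(1), m.group(4), reason)] += 1
    return repaired, unrepairable


def store_match(text):
    """Map each non-WinSxS path to True if a WinSxS copy of the same file name has its MD5."""
    entries = [(path, md5) for path, _size, md5 in SL_LINE.findall(text)]

    def name(path):
        return path.rsplit("\\", 1)[-1].lower()

    store = {(name(p), md5) for p, md5 in entries if "\\winsxs\\" in p.lower()}
    return {p: (name(p), md5) in store
            for p, md5 in entries if "\\winsxs\\" not in p.lower()}


if __name__ == "__main__":
    repaired, unrepairable = summarize_sfc(SFC_SAMPLE)
    for path, n in repaired.items():
        print(f"repaired x{n}: {path}")
    for (component, fname, arch, reason), n in unrepairable.items():
        print(f"NOT repaired x{n}: {fname} ({component}, {arch}): {reason}")
    for path, same in store_match(SYSTEMLOOK_SAMPLE).items():
        print(f"{'matches store' if same else 'differs      '}  {path}")
```

On these lines the two installed copies under `Program Files` carry the same MD5 as their WinSxS counterparts, while the per-user file and the quarantined `Search-NewTab` file do not.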



## kbmccarthy (Sep 12, 2010)

Here is another SFC log. The untitled not problem is very random; I think I can deal with it for a while. You have done a fantastic job. If you say all is good, I say all is good. Just need to know what to do with downloaded programs, if I should keep or uninstall.

Kim

2013-04-29 22:43:33, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:36, Info CSI 0000005d [SR] Verify complete
2013-04-29 22:43:36, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:36, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:40, Info CSI 00000061 [SR] Verify complete
2013-04-29 22:43:40, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:40, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:42, Info CSI 00000065 [SR] Verify complete
2013-04-29 22:43:42, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:42, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:45, Info CSI 00000069 [SR] Verify complete
2013-04-29 22:43:46, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:46, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:48, Info CSI 0000006d [SR] Verify complete
2013-04-29 22:43:48, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:48, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:50, Info CSI 00000071 [SR] Verify complete
2013-04-29 22:43:51, Info CSI 00000072 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:51, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:54, Info CSI 00000075 [SR] Verify complete
2013-04-29 22:43:55, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:55, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:57, Info CSI 00000079 [SR] Verify complete
2013-04-29 22:43:57, Info CSI 0000007a [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:43:57, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2013-04-29 22:43:59, Info CSI 0000007d [SR] Verify complete
2013-04-29 22:44:00, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:00, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:01, Info CSI 00000081 [SR] Verify complete
2013-04-29 22:44:02, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:02, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:05, Info CSI 00000085 [SR] Verify complete
2013-04-29 22:44:06, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:06, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:12, Info CSI 00000089 [SR] Verify complete
2013-04-29 22:44:13, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:13, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:18, Info CSI 0000008f [SR] Verify complete
2013-04-29 22:44:18, Info CSI 00000090 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:18, Info CSI 00000091 [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:28, Info CSI 00000094 [SR] Verify complete
2013-04-29 22:44:28, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:28, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:35, Info CSI 0000009a [SR] Verify complete
2013-04-29 22:44:36, Info CSI 0000009b [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:36, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2013-04-29 22:44:44, Info CSI 0000009e [SR] Verify complete
2013-04-29 22:44:45, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:44:45, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:01, Info CSI 000000c2 [SR] Verify complete
2013-04-29 22:45:02, Info CSI 000000c3 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:02, Info CSI 000000c4 [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:09, Info CSI 000000c9 [SR] Verify complete
2013-04-29 22:45:10, Info CSI 000000ca [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:10, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:19, Info CSI 000000cd [SR] Verify complete
2013-04-29 22:45:19, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:19, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:26, Info CSI 000000d1 [SR] Verify complete
2013-04-29 22:45:27, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:27, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:38, Info CSI 000000d5 [SR] Verify complete
2013-04-29 22:45:39, Info CSI 000000d6 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:39, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2013-04-29 22:45:51, Info CSI 000000d9 [SR] Verify complete
2013-04-29 22:45:52, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:45:52, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2013-04-29 22:46:06, Info CSI 000000f3 [SR] Verify complete
2013-04-29 22:46:07, Info CSI 000000f4 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:46:07, Info CSI 000000f5 [SR] Beginning Verify and Repair transaction
2013-04-29 22:46:28, Info CSI 000000f7 [SR] Verify complete
2013-04-29 22:46:28, Info CSI 000000f8 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:46:28, Info CSI 000000f9 [SR] Beginning Verify and Repair transaction
2013-04-29 22:46:51, Info CSI 000000fb [SR] Verify complete
2013-04-29 22:46:52, Info CSI 000000fc [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:46:52, Info CSI 000000fd [SR] Beginning Verify and Repair transaction
2013-04-29 22:46:59, Info CSI 000000ff [SR] Verify complete
2013-04-29 22:47:00, Info CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:00, Info CSI 00000101 [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:04, Info CSI 00000103 [SR] Verify complete
2013-04-29 22:47:04, Info CSI 00000104 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:04, Info CSI 00000105 [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:07, Info CSI 00000107 [SR] Verify complete
2013-04-29 22:47:08, Info CSI 00000108 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:08, Info CSI 00000109 [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:11, Info CSI 0000010b [SR] Verify complete
2013-04-29 22:47:12, Info CSI 0000010c [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:12, Info CSI 0000010d [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:35, Info CSI 00000120 [SR] Verify complete
2013-04-29 22:47:35, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:35, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:38, Info CSI 00000124 [SR] Verify complete
2013-04-29 22:47:38, Info CSI 00000125 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:38, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:44, Info CSI 00000128 [SR] Verify complete
2013-04-29 22:47:44, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:44, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2013-04-29 22:47:48, Info CSI 0000012c [SR] Verify complete
2013-04-29 22:47:48, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:47:48, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:00, Info CSI 00000130 [SR] Verify complete
2013-04-29 22:48:00, Info CSI 00000131 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:00, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:18, Info CSI 00000135 [SR] Verify complete
2013-04-29 22:48:19, Info CSI 00000136 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:19, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:23, Info CSI 00000139 [SR] Verify complete
2013-04-29 22:48:24, Info CSI 0000013a [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:24, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:33, Info CSI 0000013d [SR] Verify complete
2013-04-29 22:48:34, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:34, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:41, Info CSI 00000141 [SR] Verify complete
2013-04-29 22:48:42, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:42, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2013-04-29 22:48:53, Info CSI 00000145 [SR] Verify complete
2013-04-29 22:48:53, Info CSI 00000146 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:48:53, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2013-04-29 22:49:13, Info CSI 0000015f [SR] Verify complete
2013-04-29 22:49:13, Info CSI 00000160 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:49:13, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2013-04-29 22:49:31, Info CSI 00000163 [SR] Verify complete
2013-04-29 22:49:32, Info CSI 00000164 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:49:32, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2013-04-29 22:50:06, Info CSI 00000167 [SR] Verify complete
2013-04-29 22:50:07, Info CSI 00000168 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:50:07, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2013-04-29 22:50:26, Info CSI 0000016b [SR] Verify complete
2013-04-29 22:50:27, Info CSI 0000016c [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:50:27, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2013-04-29 22:50:40, Info CSI 0000016f [SR] Verify complete
2013-04-29 22:50:41, Info CSI 00000170 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:50:41, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2013-04-29 22:50:51, Info CSI 00000173 [SR] Verify complete
2013-04-29 22:50:51, Info CSI 00000174 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:50:51, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2013-04-29 22:51:00, Info CSI 00000177 [SR] Verify complete
2013-04-29 22:51:01, Info CSI 00000178 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:51:01, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2013-04-29 22:51:09, Info CSI 0000017d [SR] Verify complete
2013-04-29 22:51:10, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:51:10, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2013-04-29 22:51:32, Info CSI 00000181 [SR] Verify complete
2013-04-29 22:51:33, Info CSI 00000182 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:51:33, Info CSI 00000183 [SR] Beginning Verify and Repair transaction
2013-04-29 22:51:47, Info CSI 00000185 [SR] Verify complete
2013-04-29 22:51:47, Info CSI 00000186 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:51:47, Info CSI 00000187 [SR] Beginning Verify and Repair transaction
2013-04-29 22:51:57, Info CSI 00000189 [SR] Verify complete
2013-04-29 22:51:57, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:51:57, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2013-04-29 22:52:09, Info CSI 0000018d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 22:52:15, Info CSI 0000018f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 22:52:15, Info CSI 00000190 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 22:52:17, Info CSI 00000192 [SR] Verify complete
2013-04-29 22:54:10, Info CSI 000001db [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:54:10, Info CSI 000001dc [SR] Beginning Verify and Repair transaction
2013-04-29 22:54:18, Info CSI 000001de [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 22:54:18, Info CSI 000001e0 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 22:54:19, Info CSI 000001e4 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 22:54:19, Info CSI 000001e6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 22:54:23, Info CSI 000001eb [SR] Verify complete
2013-04-29 22:57:26, Info CSI 0000023e [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 22:57:26, Info CSI 0000023f [SR] Beginning Verify and Repair transaction
2013-04-29 22:57:30, Info CSI 00000241 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 22:57:45, Info CSI 00000246 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 22:57:45, Info CSI 00000247 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 22:57:52, Info CSI 0000024d [SR] Verify complete
2013-04-29 23:00:12, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2013-04-29 23:00:12, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2013-04-29 23:00:23, Info CSI 000002da [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-29 23:00:24, Info CSI 000002dd [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-29 23:00:25, Info CSI 000002e1 [SR] Verify complete
2013-04-29 23:04:26, Info CSI 00000356 [SR] Verifying 10 (0x000000000000000a) components
2013-04-29 23:04:26, Info CSI 00000357 [SR] Beginning Verify and Repair transaction
2013-04-29 23:04:27, Info CSI 00000359 [SR] Verify complete
2013-04-29 23:04:27, Info CSI 0000035a [SR] Repairing 6 components
2013-04-29 23:04:27, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2013-04-29 23:04:27, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:27, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:27, Info CSI 00000361 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:27, Info CSI 00000362 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 23:04:27, Info CSI 00000364 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 23:04:27, Info CSI 00000366 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 23:04:28, Info CSI 0000036a [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:28, Info CSI 0000036b [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 23:04:28, Info CSI 0000036d [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-29 23:04:28, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 23:04:28, Info CSI 00000372 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 23:04:29, Info CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-29 23:04:29, Info CSI 00000379 [SR] Repair complete
2013-04-29 23:04:29, Info CSI 0000037a [SR] Committing transaction
2013-04-29 23:04:29, Info CSI 0000037b [SR] Cannot commit interactively, there are boot critical components being repaired
2013-04-29 23:04:29, Info CSI 0000037c [SR] Repairing 6 components
2013-04-29 23:04:29, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2013-04-29 23:04:29, Info CSI 0000037f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:29, Info CSI 00000381 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:29, Info CSI 00000383 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:29, Info CSI 00000384 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 23:04:29, Info CSI 00000386 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 23:04:29, Info CSI 00000388 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 23:04:30, Info CSI 0000038c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-04-29 23:04:30, Info CSI 0000038d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-04-29 23:04:30, Info CSI 0000038f [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-04-29 23:04:30, Info CSI 00000392 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-04-29 23:04:30, Info CSI 00000394 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-04-29 23:04:30, Info CSI 00000398 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-04-29 23:04:30, Info CSI 0000039b [SR] Repair complete
2013-05-05 16:27:40, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:40, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:42, Info CSI 00000009 [SR] Verify complete
2013-05-05 16:27:43, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:43, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:44, Info CSI 0000000d [SR] Verify complete
2013-05-05 16:27:45, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:45, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:47, Info CSI 00000011 [SR] Verify complete
2013-05-05 16:27:47, Info CSI 00000012 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:47, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:49, Info CSI 00000015 [SR] Verify complete
2013-05-05 16:27:49, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:49, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:53, Info CSI 00000019 [SR] Verify complete
2013-05-05 16:27:53, Info CSI 0000001a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:53, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:55, Info CSI 0000001d [SR] Verify complete
2013-05-05 16:27:55, Info CSI 0000001e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:55, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:57, Info CSI 00000021 [SR] Verify complete
2013-05-05 16:27:58, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:27:58, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-05-05 16:27:59, Info CSI 00000025 [SR] Verify complete
2013-05-05 16:28:00, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:00, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:02, Info CSI 00000029 [SR] Verify complete
2013-05-05 16:28:02, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:02, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:04, Info CSI 0000002d [SR] Verify complete
2013-05-05 16:28:05, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:05, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:06, Info CSI 00000031 [SR] Verify complete
2013-05-05 16:28:07, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:07, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:09, Info CSI 00000035 [SR] Verify complete
2013-05-05 16:28:09, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:09, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:11, Info CSI 00000039 [SR] Verify complete
2013-05-05 16:28:12, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:12, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:13, Info CSI 0000003d [SR] Verify complete
2013-05-05 16:28:14, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:14, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:15, Info CSI 00000041 [SR] Verify complete
2013-05-05 16:28:16, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:16, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:18, Info CSI 00000045 [SR] Verify complete
2013-05-05 16:28:18, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:18, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:20, Info CSI 00000049 [SR] Verify complete
2013-05-05 16:28:21, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:21, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:22, Info CSI 0000004d [SR] Verify complete
2013-05-05 16:28:23, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:23, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:25, Info CSI 00000051 [SR] Verify complete
2013-05-05 16:28:25, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:25, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:28, Info CSI 00000055 [SR] Verify complete
2013-05-05 16:28:28, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:28, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:33, Info CSI 00000059 [SR] Verify complete
2013-05-05 16:28:33, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:33, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:35, Info CSI 0000005d [SR] Verify complete
2013-05-05 16:28:36, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:36, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:39, Info CSI 00000061 [SR] Verify complete
2013-05-05 16:28:40, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:40, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:41, Info CSI 00000065 [SR] Verify complete
2013-05-05 16:28:42, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:42, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:44, Info CSI 00000069 [SR] Verify complete
2013-05-05 16:28:45, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:45, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:46, Info CSI 0000006d [SR] Verify complete
2013-05-05 16:28:47, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:47, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:49, Info CSI 00000071 [SR] Verify complete
2013-05-05 16:28:50, Info CSI 00000072 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:50, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:52, Info CSI 00000075 [SR] Verify complete
2013-05-05 16:28:53, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:53, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:55, Info CSI 00000079 [SR] Verify complete
2013-05-05 16:28:55, Info CSI 0000007a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:55, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:57, Info CSI 0000007d [SR] Verify complete
2013-05-05 16:28:58, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:28:58, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2013-05-05 16:28:59, Info CSI 00000081 [SR] Verify complete
2013-05-05 16:29:00, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:00, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:03, Info CSI 00000085 [SR] Verify complete
2013-05-05 16:29:03, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:03, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:09, Info CSI 00000089 [SR] Verify complete
2013-05-05 16:29:09, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:09, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:14, Info CSI 0000008f [SR] Verify complete
2013-05-05 16:29:15, Info CSI 00000090 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:15, Info CSI 00000091 [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:24, Info CSI 00000094 [SR] Verify complete
2013-05-05 16:29:24, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:24, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:30, Info CSI 0000009a [SR] Verify complete
2013-05-05 16:29:31, Info CSI 0000009b [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:31, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:39, Info CSI 0000009e [SR] Verify complete
2013-05-05 16:29:39, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:39, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2013-05-05 16:29:54, Info CSI 000000c2 [SR] Verify complete
2013-05-05 16:29:55, Info CSI 000000c3 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:29:55, Info CSI 000000c4 [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:01, Info CSI 000000c9 [SR] Verify complete
2013-05-05 16:30:02, Info CSI 000000ca [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:02, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:10, Info CSI 000000cd [SR] Verify complete
2013-05-05 16:30:11, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:11, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:18, Info CSI 000000d1 [SR] Verify complete
2013-05-05 16:30:18, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:18, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:28, Info CSI 000000d5 [SR] Verify complete
2013-05-05 16:30:29, Info CSI 000000d6 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:29, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:41, Info CSI 000000d9 [SR] Verify complete
2013-05-05 16:30:42, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:42, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2013-05-05 16:30:53, Info CSI 000000f3 [SR] Verify complete
2013-05-05 16:30:53, Info CSI 000000f4 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:30:53, Info CSI 000000f5 [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:13, Info CSI 000000f7 [SR] Verify complete
2013-05-05 16:31:14, Info CSI 000000f8 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:14, Info CSI 000000f9 [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:34, Info CSI 000000fb [SR] Verify complete
2013-05-05 16:31:35, Info CSI 000000fc [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:35, Info CSI 000000fd [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:43, Info CSI 000000ff [SR] Verify complete
2013-05-05 16:31:43, Info CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:43, Info CSI 00000101 [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:47, Info CSI 00000103 [SR] Verify complete
2013-05-05 16:31:47, Info CSI 00000104 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:47, Info CSI 00000105 [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:50, Info CSI 00000107 [SR] Verify complete
2013-05-05 16:31:51, Info CSI 00000108 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:51, Info CSI 00000109 [SR] Beginning Verify and Repair transaction
2013-05-05 16:31:54, Info CSI 0000010b [SR] Verify complete
2013-05-05 16:31:55, Info CSI 0000010c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:31:55, Info CSI 0000010d [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:17, Info CSI 00000120 [SR] Verify complete
2013-05-05 16:32:18, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:32:18, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:20, Info CSI 00000124 [SR] Verify complete
2013-05-05 16:32:21, Info CSI 00000125 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:32:21, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:26, Info CSI 00000128 [SR] Verify complete
2013-05-05 16:32:27, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:32:27, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:30, Info CSI 0000012c [SR] Verify complete
2013-05-05 16:32:31, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:32:31, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:41, Info CSI 00000130 [SR] Verify complete
2013-05-05 16:32:42, Info CSI 00000131 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:32:42, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2013-05-05 16:32:54, Info CSI 00000134 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-05-05 16:32:57, Info CSI 00000138 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-05-05 16:33:00, Info CSI 0000013b [SR] Verify complete
2013-05-05 16:33:00, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:00, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2013-05-05 16:33:04, Info CSI 0000013f [SR] Verify complete
2013-05-05 16:33:05, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:05, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2013-05-05 16:33:14, Info CSI 00000143 [SR] Verify complete
2013-05-05 16:33:15, Info CSI 00000144 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:15, Info CSI 00000145 [SR] Beginning Verify and Repair transaction
2013-05-05 16:33:22, Info CSI 00000147 [SR] Verify complete
2013-05-05 16:33:22, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:22, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2013-05-05 16:33:33, Info CSI 0000014b [SR] Verify complete
2013-05-05 16:33:34, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:34, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2013-05-05 16:33:53, Info CSI 00000165 [SR] Verify complete
2013-05-05 16:33:53, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:33:53, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2013-05-05 16:34:10, Info CSI 00000169 [SR] Verify complete
2013-05-05 16:34:11, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:34:11, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2013-05-05 16:34:44, Info CSI 0000016d [SR] Verify complete
2013-05-05 16:34:44, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:34:44, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2013-05-05 16:35:03, Info CSI 00000171 [SR] Verify complete
2013-05-05 16:35:03, Info CSI 00000172 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:35:03, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2013-05-05 16:35:15, Info CSI 00000175 [SR] Verify complete
2013-05-05 16:35:16, Info CSI 00000176 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:35:16, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2013-05-05 16:35:24, Info CSI 00000179 [SR] Verify complete
2013-05-05 16:35:25, Info CSI 0000017a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:35:25, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2013-05-05 16:35:33, Info CSI 0000017d [SR] Verify complete
2013-05-05 16:35:33, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:35:33, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2013-05-05 16:35:41, Info CSI 00000183 [SR] Verify complete
2013-05-05 16:35:41, Info CSI 00000184 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:35:41, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2013-05-05 16:36:03, Info CSI 00000187 [SR] Verify complete
2013-05-05 16:36:03, Info CSI 00000188 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:36:03, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2013-05-05 16:36:16, Info CSI 0000018b [SR] Verify complete
2013-05-05 16:36:17, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:36:17, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2013-05-05 16:36:25, Info CSI 0000018f [SR] Verify complete
2013-05-05 16:36:26, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:36:26, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2013-05-05 16:36:36, Info CSI 00000193 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:36:42, Info CSI 00000195 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:36:42, Info CSI 00000196 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:36:44, Info CSI 00000198 [SR] Verify complete
2013-05-05 16:36:45, Info CSI 00000199 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:36:45, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2013-05-05 16:36:56, Info CSI 0000019c [SR] Verify complete
2013-05-05 16:36:57, Info CSI 0000019d [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:36:57, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2013-05-05 16:37:10, Info CSI 000001a0 [SR] Verify complete
2013-05-05 16:37:10, Info CSI 000001a1 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:37:10, Info CSI 000001a2 [SR] Beginning Verify and Repair transaction
2013-05-05 16:37:28, Info CSI 000001a5 [SR] Verify complete
2013-05-05 16:37:29, Info CSI 000001a6 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:37:29, Info CSI 000001a7 [SR] Beginning Verify and Repair transaction
2013-05-05 16:37:39, Info CSI 000001a9 [SR] Verify complete
2013-05-05 16:37:40, Info CSI 000001aa [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:37:40, Info CSI 000001ab [SR] Beginning Verify and Repair transaction
2013-05-05 16:37:46, Info CSI 000001ad [SR] Verify complete
2013-05-05 16:37:47, Info CSI 000001ae [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:37:47, Info CSI 000001af [SR] Beginning Verify and Repair transaction
2013-05-05 16:37:55, Info CSI 000001b2 [SR] Verify complete
2013-05-05 16:37:55, Info CSI 000001b3 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:37:55, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:05, Info CSI 000001b7 [SR] Verify complete
2013-05-05 16:38:06, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:06, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:20, Info CSI 000001e0 [SR] Verify complete
2013-05-05 16:38:21, Info CSI 000001e1 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:21, Info CSI 000001e2 [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:27, Info CSI 000001e4 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:38:27, Info CSI 000001e6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:38:28, Info CSI 000001ea [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:38:28, Info CSI 000001ec [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:38:32, Info CSI 000001f1 [SR] Verify complete
2013-05-05 16:38:32, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:32, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:45, Info CSI 000001f5 [SR] Verify complete
2013-05-05 16:38:46, Info CSI 000001f6 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:46, Info CSI 000001f7 [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:54, Info CSI 000001f9 [SR] Verify complete
2013-05-05 16:38:55, Info CSI 000001fa [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:55, Info CSI 000001fb [SR] Beginning Verify and Repair transaction
2013-05-05 16:38:59, Info CSI 000001fd [SR] Verify complete
2013-05-05 16:38:59, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:38:59, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:09, Info CSI 00000201 [SR] Verify complete
2013-05-05 16:39:09, Info CSI 00000202 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:39:09, Info CSI 00000203 [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:16, Info CSI 00000205 [SR] Verify complete
2013-05-05 16:39:17, Info CSI 00000206 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:39:17, Info CSI 00000207 [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:27, Info CSI 00000209 [SR] Verify complete
2013-05-05 16:39:28, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:39:28, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:47, Info CSI 0000020d [SR] Verify complete
2013-05-05 16:39:47, Info CSI 0000020e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:39:47, Info CSI 0000020f [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:52, Info CSI 00000211 [SR] Verify complete
2013-05-05 16:39:53, Info CSI 00000212 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:39:53, Info CSI 00000213 [SR] Beginning Verify and Repair transaction
2013-05-05 16:39:59, Info CSI 00000215 [SR] Verify complete
2013-05-05 16:40:00, Info CSI 00000216 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:00, Info CSI 00000217 [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:14, Info CSI 00000222 [SR] Verify complete
2013-05-05 16:40:15, Info CSI 00000223 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:15, Info CSI 00000224 [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:20, Info CSI 00000226 [SR] Verify complete
2013-05-05 16:40:21, Info CSI 00000227 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:21, Info CSI 00000228 [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:26, Info CSI 0000022a [SR] Verify complete
2013-05-05 16:40:27, Info CSI 0000022b [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:27, Info CSI 0000022c [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:37, Info CSI 0000022e [SR] Verify complete
2013-05-05 16:40:37, Info CSI 0000022f [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:37, Info CSI 00000230 [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:53, Info CSI 00000232 [SR] Verify complete
2013-05-05 16:40:54, Info CSI 00000233 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:54, Info CSI 00000234 [SR] Beginning Verify and Repair transaction
2013-05-05 16:40:57, Info CSI 00000236 [SR] Verify complete
2013-05-05 16:40:58, Info CSI 00000237 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:40:58, Info CSI 00000238 [SR] Beginning Verify and Repair transaction
2013-05-05 16:41:04, Info CSI 0000023b [SR] Verify complete
2013-05-05 16:41:05, Info CSI 0000023c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:41:05, Info CSI 0000023d [SR] Beginning Verify and Repair transaction
2013-05-05 16:41:17, Info CSI 00000243 [SR] Verify complete
2013-05-05 16:41:18, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:41:18, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2013-05-05 16:41:21, Info CSI 00000247 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:41:35, Info CSI 0000024c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:41:35, Info CSI 0000024d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:41:42, Info CSI 00000253 [SR] Verify complete
2013-05-05 16:41:43, Info CSI 00000254 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:41:43, Info CSI 00000255 [SR] Beginning Verify and Repair transaction
2013-05-05 16:41:54, Info CSI 00000262 [SR] Verify complete
2013-05-05 16:41:55, Info CSI 00000263 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:41:55, Info CSI 00000264 [SR] Beginning Verify and Repair transaction
2013-05-05 16:41:58, Info CSI 00000266 [SR] Verify complete
2013-05-05 16:41:58, Info CSI 00000267 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:41:58, Info CSI 00000268 [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:02, Info CSI 0000026a [SR] Verify complete
2013-05-05 16:42:03, Info CSI 0000026b [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:03, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:10, Info CSI 0000026e [SR] Verify complete
2013-05-05 16:42:10, Info CSI 0000026f [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:10, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:17, Info CSI 00000275 [SR] Verify complete
2013-05-05 16:42:17, Info CSI 00000276 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:17, Info CSI 00000277 [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:24, Info CSI 00000279 [SR] Verify complete
2013-05-05 16:42:25, Info CSI 0000027a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:25, Info CSI 0000027b [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:38, Info CSI 000002a0 [SR] Verify complete
2013-05-05 16:42:39, Info CSI 000002a1 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:39, Info CSI 000002a2 [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:44, Info CSI 000002a4 [SR] Verify complete
2013-05-05 16:42:44, Info CSI 000002a5 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:44, Info CSI 000002a6 [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:51, Info CSI 000002a8 [SR] Verify complete
2013-05-05 16:42:52, Info CSI 000002a9 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:42:52, Info CSI 000002aa [SR] Beginning Verify and Repair transaction
2013-05-05 16:42:59, Info CSI 000002ac [SR] Verify complete
2013-05-05 16:43:00, Info CSI 000002ad [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:43:00, Info CSI 000002ae [SR] Beginning Verify and Repair transaction
2013-05-05 16:43:09, Info CSI 000002bf [SR] Verify complete
2013-05-05 16:43:09, Info CSI 000002c0 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:43:09, Info CSI 000002c1 [SR] Beginning Verify and Repair transaction
2013-05-05 16:43:25, Info CSI 000002c3 [SR] Verify complete
2013-05-05 16:43:26, Info CSI 000002c4 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:43:26, Info CSI 000002c5 [SR] Beginning Verify and Repair transaction
2013-05-05 16:43:42, Info CSI 000002d3 [SR] Verify complete
2013-05-05 16:43:43, Info CSI 000002d4 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:43:43, Info CSI 000002d5 [SR] Beginning Verify and Repair transaction
2013-05-05 16:43:47, Info CSI 000002d7 [SR] Verify complete
2013-05-05 16:43:48, Info CSI 000002d8 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:43:48, Info CSI 000002d9 [SR] Beginning Verify and Repair transaction
2013-05-05 16:43:59, Info CSI 000002dc [SR] Verify complete
2013-05-05 16:44:00, Info CSI 000002dd [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:00, Info CSI 000002de [SR] Beginning Verify and Repair transaction
2013-05-05 16:44:12, Info CSI 000002e1 [SR] Verify complete
2013-05-05 16:44:13, Info CSI 000002e2 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:13, Info CSI 000002e3 [SR] Beginning Verify and Repair transaction
2013-05-05 16:44:16, Info CSI 000002e5 [SR] Verify complete
2013-05-05 16:44:17, Info CSI 000002e6 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:17, Info CSI 000002e7 [SR] Beginning Verify and Repair transaction
2013-05-05 16:44:28, Info CSI 000002e9 [SR] Verify complete
2013-05-05 16:44:28, Info CSI 000002ea [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:28, Info CSI 000002eb [SR] Beginning Verify and Repair transaction
2013-05-05 16:44:35, Info CSI 000002ed [SR] Verify complete
2013-05-05 16:44:35, Info CSI 000002ee [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:35, Info CSI 000002ef [SR] Beginning Verify and Repair transaction
2013-05-05 16:44:53, Info CSI 00000309 [SR] Verify complete
2013-05-05 16:44:54, Info CSI 0000030a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:44:54, Info CSI 0000030b [SR] Beginning Verify and Repair transaction
2013-05-05 16:45:05, Info CSI 0000030f [SR] Verify complete
2013-05-05 16:45:06, Info CSI 00000310 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:45:06, Info CSI 00000311 [SR] Beginning Verify and Repair transaction
2013-05-05 16:45:41, Info CSI 00000313 [SR] Verify complete
2013-05-05 16:45:41, Info CSI 00000314 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:45:41, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2013-05-05 16:45:50, Info CSI 00000317 [SR] Verify complete
2013-05-05 16:45:51, Info CSI 00000318 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:45:51, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2013-05-05 16:45:58, Info CSI 0000031b [SR] Verify complete
2013-05-05 16:45:59, Info CSI 0000031c [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:45:59, Info CSI 0000031d [SR] Beginning Verify and Repair transaction
2013-05-05 16:46:06, Info CSI 00000320 [SR] Verify complete
2013-05-05 16:46:06, Info CSI 00000321 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:46:06, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2013-05-05 16:46:27, Info CSI 00000324 [SR] Verify complete
2013-05-05 16:46:27, Info CSI 00000325 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:46:27, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2013-05-05 16:46:37, Info CSI 00000328 [SR] Verify complete
2013-05-05 16:46:37, Info CSI 00000329 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:46:37, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2013-05-05 16:46:44, Info CSI 0000032c [SR] Verify complete
2013-05-05 16:46:45, Info CSI 0000032d [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:46:45, Info CSI 0000032e [SR] Beginning Verify and Repair transaction
2013-05-05 16:46:53, Info CSI 00000331 [SR] Verify complete
2013-05-05 16:46:53, Info CSI 00000332 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:46:53, Info CSI 00000333 [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:00, Info CSI 00000335 [SR] Verify complete
2013-05-05 16:47:00, Info CSI 00000336 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:00, Info CSI 00000337 [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:08, Info CSI 00000339 [SR] Verify complete
2013-05-05 16:47:09, Info CSI 0000033a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:09, Info CSI 0000033b [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:18, Info CSI 00000340 [SR] Verify complete
2013-05-05 16:47:19, Info CSI 00000341 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:19, Info CSI 00000342 [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:28, Info CSI 00000344 [SR] Verify complete
2013-05-05 16:47:29, Info CSI 00000345 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:29, Info CSI 00000346 [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:35, Info CSI 00000349 [SR] Verify complete
2013-05-05 16:47:35, Info CSI 0000034a [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:35, Info CSI 0000034b [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:45, Info CSI 0000034d [SR] Verify complete
2013-05-05 16:47:46, Info CSI 0000034e [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:46, Info CSI 0000034f [SR] Beginning Verify and Repair transaction
2013-05-05 16:47:55, Info CSI 00000351 [SR] Verify complete
2013-05-05 16:47:56, Info CSI 00000352 [SR] Verifying 100 (0x0000000000000064) components
2013-05-05 16:47:56, Info CSI 00000353 [SR] Beginning Verify and Repair transaction
2013-05-05 16:48:04, Info CSI 00000355 [SR] Verify complete
2013-05-05 16:48:04, Info CSI 00000356 [SR] Verifying 10 (0x000000000000000a) components
2013-05-05 16:48:04, Info CSI 00000357 [SR] Beginning Verify and Repair transaction
2013-05-05 16:48:05, Info CSI 00000359 [SR] Verify complete
2013-05-05 16:48:05, Info CSI 0000035a [SR] Repairing 6 components
2013-05-05 16:48:05, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2013-05-05 16:48:05, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:05, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:05, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-05-05 16:48:06, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:06, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:48:06, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:06, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:48:06, Info CSI 0000036d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:06, Info CSI 0000036e [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:48:06, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:06, Info CSI 00000372 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:48:07, Info  CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-05-05 16:48:07, Info CSI 00000379 [SR] Repair complete
2013-05-05 16:48:07, Info CSI 0000037a [SR] Committing transaction
2013-05-05 16:48:07, Info CSI 0000037b [SR] Cannot commit interactively, there are boot critical components being repaired
2013-05-05 16:48:07, Info CSI 0000037c [SR] Repairing 6 components
2013-05-05 16:48:07, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2013-05-05 16:48:07, Info CSI 0000037f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:07, Info CSI 00000381 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:07, Info CSI 00000383 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-05-05 16:48:07, Info CSI 00000386 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:07, Info CSI 00000387 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:48:07, Info CSI 00000389 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:07, Info CSI 0000038b [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:48:08, Info CSI 0000038f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:08, Info CSI 00000390 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:48:08, Info CSI 00000392 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:08, Info CSI 00000394 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:48:08, Info CSI 00000398 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-05-05 16:48:08, Info CSI 0000039b [SR] Repair complete


----------



## Mark1956 (May 7, 2011)

Ok, the System File Checker has again replaced three files that it detected as being corrupt and it also shows the same issue with the settings.ini file. A little research shows that this problem is not uncommon with those specific files and is simply due to an error in the System File Checker. I appreciate that it may be a bit disconcerting to leave it as it is, but I believe this problem can be safely ignored as it is highly unlikely there is actually anything wrong with the files.

We can now start the clean up of the tools used.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.


The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!'* message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).

*Next*


Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*.
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*

================================================================

Please also run this to check your security.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------
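The triage described in the post above (which files SFC restored from the store and which it reported as unrepairable) can be pulled out of the `[SR]` lines mechanically. This is an added example, not part of the original thread: the sample lines are copied from the CBS.log excerpt posted above, and the function and variable names are illustrative.

```python
import re
from collections import Counter

# Sample lines copied from the CBS.log excerpt posted earlier in this thread.
SAMPLE_LOG = r'''
2013-05-05 16:48:04, Info CSI 00000356 [SR] Verifying 10 (0x000000000000000a) components
2013-05-05 16:48:05, Info CSI 00000359 [SR] Verify complete
2013-05-05 16:48:05, Info CSI 0000035a [SR] Repairing 6 components
2013-05-05 16:48:05, Info CSI 0000035d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:05, Info CSI 0000035f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:05, Info CSI 00000361 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-05-05 16:48:06, Info CSI 00000364 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-05-05 16:48:06, Info CSI 00000365 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2013-05-05 16:48:06, Info CSI 00000367 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:06, Info CSI 00000369 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-05-05 16:48:06, Info CSI 00000370 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-05-05 16:48:07, Info  CSI 00000376 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-05-05 16:48:07, Info CSI 00000379 [SR] Repair complete
'''

# Timestamp, level, CSI sequence id, then the [SR] message. \s+ tolerates the
# occasional double space between "Info" and "CSI" seen in the log.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8})\s+\[SR\]\s+(?P<msg>.*)$')
# "Cannot repair member file ..." ends with the reason after the last comma.
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+),.*?pA = (?P<arch>\w+) \(\d+\).*?, (?P<reason>[^,]+)$')
# "Repairing corrupted file ..." carries an NT path (\??\C:\...) and a file name.
REPAIR_RE = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"\\\?\?\\(?P<dir>[^"]+)"'
    r'\\\[[^\]]*\]"(?P<file>[^"]+)" from store$')
REF_RE = re.compile(r'^This component was referenced by \[[^\]]*\]"(?P<pkg>[^"]+)"$')

def summarize(text):
    """Collapse repeated [SR] entries into unique repaired / unrepairable files."""
    repaired = Counter()       # full path -> number of times logged
    unrepairable = Counter()   # (file, component, arch, reason) -> times logged
    referenced_by = set()      # servicing packages named next to failures
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue           # blank or non-[SR] line
        msg = m.group('msg')
        if (r := REPAIR_RE.match(msg)):
            repaired[r['dir'] + '\\' + r['file']] += 1
        elif (c := CANNOT_RE.match(msg)):
            unrepairable[(c['file'], c['component'], c['arch'], c['reason'])] += 1
        elif (p := REF_RE.match(msg)):
            referenced_by.add(p['pkg'])
    return {'repaired': repaired, 'unrepairable': unrepairable,
            'referenced_by': referenced_by}

if __name__ == '__main__':
    result = summarize(SAMPLE_LOG)
    for path, n in result['repaired'].items():
        print(f'repaired      x{n}  {path}')
    for (name, comp, arch, why), n in result['unrepairable'].items():
        print(f'NOT repaired  x{n}  {name} ({comp}, {arch}): {why}')
```

SFC logs the same file once per pass, so the counts show how often an entry repeats while the keys give the distinct files to review.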



## kbmccarthy (Sep 12, 2010)

Ran the "re-enable", the uninstall combo fix and the otc and security check. There are still programs tools on the desktop. Here is the log for the security check.

Results of screen317's Security Check version 0.99.63 
Windows Vista Service Pack 2 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.70.0.1100 
Adobe Flash Player 11.7.700.169 
Adobe Reader 10.1.4 *Adobe Reader out of Date!* 
Mozilla Firefox (20.0.1) 
Google Chrome 26.0.1410.43 
Google Chrome 26.0.1410.64 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 1 % 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

> There are still programs tools on the desktop.


If you had read all the instructions you would have seen the note in green at the bottom that tells you what to do.

All we need to do is update Adobe Reader and we are done.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and uninstall the following Adobe entries:

*Adobe Reader 10.1.4*

*NOTE:* For *XP* click on Start > *Control Panel*, double-click on *Add or Remove Programs* and continue as above.

Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.










You will now see a page similar to this one:










All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for *Windows* Operating Systems and for *Internet Explorer* in *English*. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of *Windows* to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for any Add-ons like Google Toolbar, McAfee products, etc. and uncheck the box to exclude them. The above image shows the Google Toolbar being offered but this will change from time to time for other products.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.


----------



## kbmccarthy (Sep 12, 2010)

I did read the entire post, including the part in green and I did run OTC. I apologize, but I am not quite sure about what is left, if it was something related to this process or if it existed before.


----------



## Mark1956 (May 7, 2011)

I can't answer that without knowing what the items are. Can you send me a screenshot of your desktop?


----------

