
Google Redirect
#1
Posted 23 August 2011 - 01:33 PM
#2
Posted 23 August 2011 - 02:09 PM
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.
If you do not make a reply in 3 days, we will have to close your topic.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.
Please take note of some guidelines for this fix:
• Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- If suspicious objects are found select Skip
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
- You may need two posts to fit them both in.
#3
Posted 23 August 2011 - 05:33 PM
#4
Posted 23 August 2011 - 05:48 PM
OTL logfile created on: 8/23/2011 7:39:32 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Kelly R\Pictures
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.06% Memory free
5.98 Gb Paging File | 4.00 Gb Available in Paging File | 66.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 405.78 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.49 Gb Free Space | 74.82% Space Free | Partition Type: FAT32
Computer Name: KELLYR-HP | User Name: Kelly R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kelly R\Pictures\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\PaperCut NG Client\pc-client.exe ()
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\627ae56ed87ebc7408346520c746352f\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files\PaperCut NG Client\pc-client.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\windows\assembly\GAC_MSIL\Interop.HPQWMIEXLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQWMIEXLib.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Windows\System32\SUPSDK.dll ()
MOD - C:\Windows\System32\flcdlmsg.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (uArcCapture) -- C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
SRV - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110823.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110823.002\NAVENG.SYS (Symantec Corporation)
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (vpcbus) -- C:\windows\system32\DRIVERS\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (vmbus) -- C:\windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (archlp) -- C:\Windows\System32\drivers\ArcHlp.sys ()
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/01/14 23:19:02 | 000,000,000 | ---D | M]
Hosts file not found
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DTRun] c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperCut NG Client] C:\Program Files\PaperCut NG Client\pc-client.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/08/23 16:36:49 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Local\Symantec
[2011/08/23 16:36:15 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/08/23 16:33:38 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\capicom.dll
[2011/08/23 16:33:34 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFC71.DLL
[2011/08/23 16:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/23 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/08/23 16:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/23 16:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/23 16:10:10 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/08/23 16:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/23 16:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/23 15:51:12 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PaperCut NG
[2011/08/23 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaperCut NG
[2011/08/23 15:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut NG Client
[2011/08/23 15:51:04 | 000,090,112 | ---- | C] (Sheridan College Institute of Technology and Advanced Learning) -- C:\windows\System32\CookieHunter.exe
[2011/08/23 15:51:04 | 000,049,152 | ---- | C] (Sheridan College Institute of Technology and Advanced Learning) -- C:\windows\System32\s_d.exe
[2011/08/23 15:51:04 | 000,000,000 | ---D | C] -- C:\windows\System32\wins
[2011/08/23 14:33:27 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Roaming\Malwarebytes
[2011/08/23 14:33:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/08/23 14:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/23 14:33:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/08/22 15:48:36 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kelly R\Desktop\TDSSKiller.exe
[2011/08/21 15:29:57 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2011/08/21 15:29:33 | 000,380,928 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\aestecap.dll
[2011/08/21 15:29:33 | 000,061,440 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\aestaren.dll
[2011/08/21 15:29:32 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2011/08/21 15:29:32 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2011/08/21 15:29:32 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
[2011/08/21 15:29:32 | 000,140,288 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\aestacap.dll
[2011/08/21 15:29:32 | 000,086,016 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\AESTCom.dll
[2011/08/21 15:29:29 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2011/08/21 15:28:54 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2011/08/21 15:28:54 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2011/08/21 15:28:53 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2011/08/21 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/08/21 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/08/21 15:20:32 | 015,180,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atioglxx.dll
[2011/08/21 15:20:32 | 005,590,016 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atikmdag.sys
[2011/08/21 15:20:32 | 004,096,000 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticaldd.dll
[2011/08/21 15:20:32 | 000,511,488 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\aticfx32.dll
[2011/08/21 15:20:32 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\ATIDEMGX.dll
[2011/08/21 15:20:32 | 000,376,832 | ---- | C] (AMD) -- C:\windows\System32\atieclxx.exe
[2011/08/21 15:20:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\atipdlxx.dll
[2011/08/21 15:20:32 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiadlxx.dll
[2011/08/21 15:20:32 | 000,210,432 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\drivers\atikmpag.sys
[2011/08/21 15:20:32 | 000,176,128 | ---- | C] (AMD) -- C:\windows\System32\atiesrxx.exe
[2011/08/21 15:20:32 | 000,159,744 | ---- | C] (AMD) -- C:\windows\System32\atitmmxx.dll
[2011/08/21 15:20:32 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiapfxx.exe
[2011/08/21 15:20:32 | 000,108,560 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\drivers\AtiHdmi.sys
[2011/08/21 15:20:32 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2erec.dll
[2011/08/21 15:20:32 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalrt.dll
[2011/08/21 15:20:32 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalcl.dll
[2011/08/21 15:20:32 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atimpc32.dll
[2011/08/21 15:20:32 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\amdpcom32.dll
[2011/08/21 15:20:32 | 000,050,176 | ---- | C] (AMD) -- C:\windows\System32\coinst.dll
[2011/08/21 15:20:32 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\System32\ati2edxx.dll
[2011/08/21 15:20:32 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiuxpag.dll
[2011/08/21 15:20:32 | 000,022,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiu9pag.dll
[2011/08/21 15:20:32 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atigktxx.dll
[2011/08/21 15:20:32 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiglpxx.dll
[2011/08/21 15:20:32 | 000,011,776 | ---- | C] (AMD) -- C:\windows\System32\atimuixx.dll
[2011/08/21 14:53:01 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/08/21 14:53:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/08/21 14:53:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/21 14:53:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/21 14:53:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/21 14:53:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/21 14:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/21 14:52:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/21 14:52:50 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/08/21 14:52:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/08/21 14:52:50 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/08/21 14:52:50 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2011/08/21 14:52:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2011/08/21 14:46:40 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Roaming\Remote
[2011/08/02 13:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/08/02 13:03:34 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Roaming\AVS4YOU
[2011/08/02 13:02:51 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\windows\System32\libmfxsw32.dll
[2011/08/02 13:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/08/02 13:02:49 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\windows\System32\libmfxhw32.dll
[2011/08/02 13:02:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3a.dll
[2011/08/02 13:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/07/26 03:19:29 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/07/26 03:18:40 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/07/26 03:18:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/07/26 03:18:39 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2011/07/26 03:18:39 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2011/07/26 03:18:39 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2011/07/26 03:18:39 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2011/07/26 03:18:35 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/07/26 03:18:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/07/26 03:18:33 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/07/26 03:18:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/07/26 03:18:28 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/07/26 03:18:28 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/07/26 03:18:27 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/07/26 03:18:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2011/07/26 03:18:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/07/26 03:18:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/07/26 03:18:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2011/07/26 03:18:25 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/07/26 03:18:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/07/26 03:18:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/07/26 03:18:24 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2011/07/26 03:18:24 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2011/07/26 03:18:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/07/26 03:18:23 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/07/26 02:36:23 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/07/26 02:36:23 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/07/26 02:36:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/07/26 02:36:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/07/26 02:36:22 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/07/26 02:36:22 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/07/26 02:36:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/07/26 02:05:13 | 000,000,000 | ---D | C] -- C:\83d44599bbd6a65d51c1fb92
[2011/07/26 01:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/26 01:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/26 01:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/07/26 01:36:43 | 000,000,000 | ---D | C] -- C:\Users\Kelly R\AppData\Roaming\hpqLog
[2011/07/26 01:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/26 01:15:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/07/26 01:15:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/07/26 01:15:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/07/26 01:10:33 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/03/28 15:04:25 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/03/28 15:04:24 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2 C:\Users\Kelly R\Documents\*.tmp files -> C:\Users\Kelly R\Documents\*.tmp -> ]
[1 C:\Users\Kelly R\*.tmp files -> C:\Users\Kelly R\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2039/03/20 21:02:00 | 001,214,288 | ---- | M] () -- C:\Users\Kelly R\Documents\101_0470.JPG
[2039/03/20 21:02:00 | 001,070,512 | ---- | M] () -- C:\Users\Kelly R\Documents\101_0472.JPG
[2039/03/20 21:02:00 | 000,959,640 | ---- | M] () -- C:\Users\Kelly R\Documents\101_0453.JPG
[2011/08/23 19:37:02 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 19:37:02 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 19:35:04 | 000,633,494 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/23 19:35:04 | 000,112,576 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/23 19:28:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/23 19:28:30 | 2407,952,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/23 19:20:17 | 084,472,207 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011/08/23 16:36:21 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/08/23 16:36:21 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/08/23 16:36:21 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/08/23 16:29:31 | 000,415,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/08/23 14:33:21 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 13:44:02 | 000,000,655 | ---- | M] () -- C:\PreCheck.htm
[2011/08/22 16:44:51 | 000,000,127 | ---- | M] () -- C:\windows\System32\MRT.INI
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kelly R\Desktop\TDSSKiller.exe
[2011/08/21 15:28:20 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2011/08/21 15:28:20 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2011/08/21 15:28:20 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2011/08/21 15:28:20 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2011/08/21 15:28:20 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2011/08/21 15:28:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2011/08/21 15:28:20 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2011/08/21 15:28:19 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2011/08/21 15:28:19 | 000,380,928 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\aestecap.dll
[2011/08/21 15:28:19 | 000,140,288 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\aestacap.dll
[2011/08/21 15:28:19 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\AESTCom.dll
[2011/08/21 15:28:19 | 000,061,440 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\aestaren.dll
[2011/08/21 15:20:12 | 015,180,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atioglxx.dll
[2011/08/21 15:20:12 | 005,590,016 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atikmdag.sys
[2011/08/21 15:20:12 | 004,096,000 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticaldd.dll
[2011/08/21 15:20:12 | 003,809,792 | ---- | M] (ATI Technologies Inc. ) -- C:\windows\System32\atiumdag.dll
[2011/08/21 15:20:12 | 003,668,480 | ---- | M] (ATI Technologies Inc. ) -- C:\windows\System32\atidxx32.dll
[2011/08/21 15:20:12 | 003,025,408 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiumdva.dll
[2011/08/21 15:20:12 | 000,534,960 | ---- | M] () -- C:\windows\System32\atiumdva.cap
[2011/08/21 15:20:12 | 000,511,488 | ---- | M] (ATI Technologies Inc. ) -- C:\windows\System32\aticfx32.dll
[2011/08/21 15:20:12 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\System32\ATIDEMGX.dll
[2011/08/21 15:20:12 | 000,376,832 | ---- | M] (AMD) -- C:\windows\System32\atieclxx.exe
[2011/08/21 15:20:12 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\atipdlxx.dll
[2011/08/21 15:20:12 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiadlxx.dll
[2011/08/21 15:20:12 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\System32\drivers\atikmpag.sys
[2011/08/21 15:20:12 | 000,203,336 | ---- | M] () -- C:\windows\System32\atiicdxx.dat
[2011/08/21 15:20:12 | 000,176,128 | ---- | M] (AMD) -- C:\windows\System32\atiesrxx.exe
[2011/08/21 15:20:12 | 000,159,744 | ---- | M] (AMD) -- C:\windows\System32\atitmmxx.dll
[2011/08/21 15:20:12 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\System32\atiapfxx.exe
[2011/08/21 15:20:12 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\drivers\AtiHdmi.sys
[2011/08/21 15:20:12 | 000,057,816 | ---- | M] () -- C:\windows\System32\atiapfxx.blb
[2011/08/21 15:20:12 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2erec.dll
[2011/08/21 15:20:12 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalrt.dll
[2011/08/21 15:20:12 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\System32\aticalcl.dll
[2011/08/21 15:20:12 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atimpc32.dll
[2011/08/21 15:20:12 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\amdpcom32.dll
[2011/08/21 15:20:12 | 000,050,176 | ---- | M] (AMD) -- C:\windows\System32\coinst.dll
[2011/08/21 15:20:12 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\ati2edxx.dll
[2011/08/21 15:20:12 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiuxpag.dll
[2011/08/21 15:20:12 | 000,022,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiu9pag.dll
[2011/08/21 15:20:12 | 000,021,544 | ---- | M] () -- C:\windows\atiogl.xml
[2011/08/21 15:20:12 | 000,016,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atigktxx.dll
[2011/08/21 15:20:12 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\windows\System32\atiglpxx.dll
[2011/08/21 15:20:12 | 000,011,776 | ---- | M] (AMD) -- C:\windows\System32\atimuixx.dll
[2011/08/21 15:20:12 | 000,002,189 | ---- | M] () -- C:\windows\System32\atipblag.dat
[2011/08/11 14:48:16 | 000,090,112 | ---- | M] (Sheridan College Institute of Technology and Advanced Learning) -- C:\windows\System32\CookieHunter.exe
[2011/07/26 02:41:36 | 000,001,411 | ---- | M] () -- C:\Users\Kelly R\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/26 02:36:23 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/07/26 02:36:23 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/07/26 02:36:23 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/07/26 02:36:23 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/07/26 02:36:22 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/07/26 02:36:22 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/07/26 02:36:22 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/07/26 01:47:00 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/26 01:38:20 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/26 00:46:39 | 000,012,484 | -HS- | M] () -- C:\Users\Kelly R\AppData\Local\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/26 00:46:39 | 000,012,484 | -HS- | M] () -- C:\ProgramData\05a3a062i5h21hn5r14r184j8402x6866h8
[2 C:\Users\Kelly R\Documents\*.tmp files -> C:\Users\Kelly R\Documents\*.tmp -> ]
[1 C:\Users\Kelly R\*.tmp files -> C:\Users\Kelly R\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/23 16:36:15 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/08/23 16:36:15 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/08/23 15:51:04 | 000,028,386 | ---- | C] () -- C:\windows\System32\wcita.dll
[2011/08/23 15:51:04 | 000,028,384 | ---- | C] () -- C:\windows\System32\ttlbzho.dll
[2011/08/23 15:51:04 | 000,001,450 | ---- | C] () -- C:\windows\System32\clones.ini
[2011/08/23 15:51:04 | 000,000,028 | ---- | C] () -- C:\windows\System32\wfc1.ini
[2011/08/23 14:33:21 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 13:44:03 | 000,000,655 | ---- | C] () -- C:\PreCheck.htm
[2011/08/21 15:29:32 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/08/21 15:20:32 | 000,534,960 | ---- | C] () -- C:\windows\System32\atiumdva.cap
[2011/08/21 15:20:32 | 000,203,336 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/08/21 15:20:32 | 000,057,816 | ---- | C] () -- C:\windows\System32\atiapfxx.blb
[2011/08/21 15:20:32 | 000,021,544 | ---- | C] () -- C:\windows\atiogl.xml
[2011/08/21 15:20:32 | 000,002,189 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2011/07/26 02:07:45 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/07/26 01:46:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/26 01:46:29 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/26 01:38:20 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/25 01:09:07 | 000,012,484 | -HS- | C] () -- C:\Users\Kelly R\AppData\Local\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/25 01:09:07 | 000,012,484 | -HS- | C] () -- C:\ProgramData\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/02/11 01:55:51 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/09/11 19:42:30 | 000,164,673 | ---- | C] () -- C:\windows\hpoins29.dat
[2010/09/11 19:42:30 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2010/08/31 21:28:55 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/28 15:04:25 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/03/28 15:04:25 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/03/28 15:04:25 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/03/28 15:04:25 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/03/28 14:51:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/01/14 23:41:27 | 000,000,188 | ---- | C] () -- C:\windows\System32\HPWA.ini
[2010/01/14 23:21:58 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/01/14 22:58:11 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/12/15 21:12:10 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/12/14 17:26:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/12/11 15:20:30 | 000,648,464 | ---- | C] () -- C:\windows\System32\SUPSDK.dll
[2009/12/11 15:20:18 | 000,050,448 | ---- | C] () -- C:\windows\System32\ExpSnapShotAPI.dll
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2009/11/24 17:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2009/11/17 18:39:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,415,288 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,633,494 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,112,576 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 18:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 18:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/07/10 14:46:30 | 007,488,032 | R--- | C] () -- C:\windows\System32\CogentData1.dat
[2009/07/10 14:46:28 | 000,002,432 | R--- | C] () -- C:\windows\System32\CogentData2.dat
[2009/06/22 18:08:10 | 016,128,032 | R--- | C] () -- C:\windows\System32\CogentData4.dat
[2009/06/22 18:08:10 | 000,004,032 | R--- | C] () -- C:\windows\System32\CogentData5.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/03 19:17:14 | 000,131,584 | ---- | C] () -- C:\windows\System32\drivers\ArcHlp.sys
[2009/02/18 03:55:22 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/02/03 06:52:04 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
========== LOP Check ==========
[2010/08/30 01:31:00 | 000,000,000 | ---D | M] -- C:\Users\Kelly R\AppData\Roaming\DigitalPersona
[2011/08/21 14:46:40 | 000,000,000 | ---D | M] -- C:\Users\Kelly R\AppData\Roaming\Remote
[2011/08/21 19:18:31 | 000,032,602 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/08/23 19:28:30 | 2407,952,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/23 19:28:31 | 3210,604,544 | -HS- | M] () -- C:\pagefile.sys
[2011/08/23 13:44:02 | 000,000,655 | ---- | M] () -- C:\PreCheck.htm
[2011/08/23 19:27:18 | 000,080,162 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_23.08.2011_19.25.42_log.txt
[2009/10/19 16:43:06 | 000,047,104 | ---- | M] () -- C:\Thumbs.db
< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 21:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/26 02:41:36 | 000,000,221 | -HS- | M] () -- C:\Users\Kelly R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kelly R\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2009/07/21 15:08:00 | 000,013,021 | ---- | M] () -- C:\windows\snp2uvc.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/08/30 03:02:15 | 000,000,402 | -HS- | M] () -- C:\Users\Kelly R\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/07/26 00:46:39 | 000,012,484 | -HS- | M] () -- C:\ProgramData\05a3a062i5h21hn5r14r184j8402x6866h8
[2010/09/16 15:01:36 | 000,002,673 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/02/25 14:18:32 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-23 19:37:15
< >
< End of report >
#5
Posted 23 August 2011 - 05:50 PM
OTL Extras logfile created on: 8/23/2011 7:39:32 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Kelly R\Pictures
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.06% Memory free
5.98 Gb Paging File | 4.00 Gb Available in Paging File | 66.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 405.78 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.49 Gb Free Space | 74.82% Space Free | Partition Type: FAT32
Computer Name: KELLYR-HP | User Name: Kelly R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{03564371-AEA7-41CB-B441-B690A47AE5FC}" = CCC Help Korean
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0497B553-0E3F-4CCD-BE13-E28F1A54B318}" = HP HotKey Support
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0EB565B2-B482-0343-A90E-2984781DC7A0}" = Catalyst Control Center InstallProxy
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{142D2DFA-1FB7-41B9-8509-DAB5F3978CE4}" = Privacy Manager for HP ProtectTools
"{16CBD1DE-9016-FFE0-C4FC-7BC9C433F834}" = CCC Help French
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25E165AC-66FF-B562-5574-D7B7CFD33322}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 26
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2712DAD6-C1F7-4295-B06E-17D6DC62EC20}" = HP Software Framework
"{2B413011-D8EA-810D-2181-D80C71209BAF}" = CCC Help Hungarian
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{31F3F03C-CEAA-4907-3C4D-D9AF6848F6AE}" = CCC Help English
"{32C25CAB-840F-45D7-16A2-090722C091FD}" = CCC Help Danish
"{335CC3A9-E31F-1BA5-E971-BA6FC1273004}" = CCC Help Dutch
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3BDB9B89-56B5-4953-B052-AEB75FCBFC93}" = HP User Guides 0189
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{454E2EA5-D931-5490-30DF-3A2CA69063AF}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4AC58C-5B6E-A153-F102-CD4212A626B8}" = CCC Help Chinese Standard
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AADE51C-D126-0A5A-A62A-2DE8297224CE}" = CCC Help Finnish
"{4D8F3CDE-0930-25E4-B408-103CE84407E7}" = CCC Help Spanish
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F765E00-EE1C-4392-93B4-54310358F41A}" = ArcSoft TotalMedia
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{52BE2E98-018F-77CA-3F11-AF09A8E81770}" = ccc-utility
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5DCBD841-3768-4D3A-8517-65BFB87E05D3}" = Validity Fingerprint Driver
"{5E0772BF-BE9D-C1FC-576A-53F4432552E4}" = CCC Help Czech
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{670234D0-42BE-493E-B3EB-6B5275530461}" = Corel Home Office
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F745B-0594-891F-AC32-6995B9F98EE2}" = CCC Help German
"{7298FBF4-E8A6-E898-09B7-951B3BFCBA33}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F485D}" = HP QuickWeb
"{79F4FC67-0479-8078-1B71-FCA6547592CF}" = CCC Help Turkish
"{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{8A0590BF-9036-47D5-BBE7-50590649760C}" = HP ProtectTools Security Manager
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B49BD5E-C896-4F65-95DC-3F84424226E8}" = HP QuickLook
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{609845CA-DCBB-48DB-8A1A-26876D4CE6DB}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904459A8-B731-793F-493C-FAA7DACFA325}" = CCC Help Russian
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A62118B-8243-E78D-1C0C-0A45A3D64AA7}" = CCC Help Chinese Traditional
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C780DBC-F527-FC46-7719-C4B163F75A37}" = Catalyst Control Center InstallProxy
"{9C956880-0FA6-75EA-5B3C-2BAACCD60B37}" = CCC Help Italian
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A4C1127B-470E-2CD4-E544-1D480CD8C141}" = CCC Help Norwegian
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
"{B629F002-202C-C5F7-86B5-C98EDB34A0A6}" = CCC Help Thai
"{BCCB8356-97FD-F9D2-A621-BFC451342049}" = ccc-core-static
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAEFDCE5-D425-41BD-9122-ECC0D357F924}" = PaperCut NG Client 11.2
"{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CF756033-0095-B674-8950-E8C7188F73F5}" = CCC Help Portuguese
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA9660B6-F1DD-41D3-BA3C-E7F7BF9921B2}" = Catalyst Control Center - Branding
"{E366F338-BF6E-4165-BDDB-3DCCB3388F9F}" = HP Power Data
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F2E65680-9A39-A666-5C77-11AAA25F9069}" = CCC Help Japanese
"{F3FD0824-91D9-7035-AF64-E8F918ACC9B8}" = Catalyst Control Center Graphics Previews Vista
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F4C3814A-A45D-C8BC-66F4-426D0955E0ED}" = ATI Catalyst Install Manager
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FCDA0BA4-E6C9-7493-3CCD-59277A65B537}" = CCC Help Greek
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"AVG9Uninstall" = AVG Free 9.0
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Drive Encryption" = Drive Encryption for HP ProtectTools
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/28/2011 12:00:01 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 7/28/2011 12:13:13 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/1/2011 11:30:31 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/1/2011 11:30:34 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/1/2011 11:31:18 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/1/2011 11:31:20 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/1/2011 11:31:38 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 1:44:05 AM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 12:47:26 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 12:47:28 PM | Computer Name = KellyR-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ HP Power Assistant Events ]
Error - 8/23/2011 3:44:02 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B).
Error - 8/23/2011 3:44:02 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B). at HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 8/23/2011 4:02:45 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B).
Error - 8/23/2011 4:02:45 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B). at HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 8/23/2011 4:32:25 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B).
Error - 8/23/2011 4:32:25 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B). at HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 8/23/2011 7:19:07 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B).
Error - 8/23/2011 7:19:07 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B). at HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 8/23/2011 7:32:07 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B).
Error - 8/23/2011 7:32:07 PM | Computer Name = KellyR-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=PCI\VEN_168C&DEV_002B). at HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
[ HP Wireless Assistant Events ]
Error - 8/10/2011 10:39:47 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/21/2011 3:59:42 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/21/2011 3:59:42 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/21/2011 4:09:28 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/21/2011 4:09:28 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/21/2011 7:18:30 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at MessageHandlers.MessageHandler.stopListening()
Error - 8/21/2011 7:18:31 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC
server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()
Error - 8/23/2011 1:38:35 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/23/2011 1:39:54 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 8/23/2011 1:39:54 PM | Computer Name = KellyR-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext
()
at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
[ System Events ]
Error - 2/8/2011 11:38:38 AM | Computer Name = KellyR-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Power Assistant Service service.
Error - 2/12/2011 12:21:41 AM | Computer Name = KellyR-HP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385E93AEB" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.
Error - 2/12/2011 12:21:41 AM | Computer Name = KellyR-HP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385E93AEB" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.
Error - 3/7/2011 3:01:00 PM | Computer Name = KellyR-HP | Source = Service Control Manager | ID = 7000
Description = The Intel® Management & Security Application User Notification Service
service failed to start due to the following error: %%109
Error - 3/13/2011 10:30:54 PM | Computer Name = KellyR-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Wireless Assistant Service service.
Error - 3/29/2011 7:41:08 AM | Computer Name = KellyR-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Wireless Assistant Service service.
Error - 3/30/2011 4:11:44 PM | Computer Name = KellyR-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:11:42 PM on ?29/?03/?2011 was unexpected.
Error - 4/13/2011 4:20:45 PM | Computer Name = KellyR-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Wireless Assistant Service service.
Error - 6/2/2011 12:47:52 PM | Computer Name = KellyR-HP | Source = DCOM | ID = 10010
Description =
Error - 6/2/2011 12:47:57 PM | Computer Name = KellyR-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Update for Windows 7 (KB2534366).
< End of report >
#6
Posted 23 August 2011 - 05:52 PM
#7
Posted 24 August 2011 - 02:42 AM
http://www.avg.com/us-en/utilities
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
#8
Posted 24 August 2011 - 10:59 AM
#9
Posted 24 August 2011 - 02:13 PM
#10
Posted 24 August 2011 - 09:10 PM
#11
Posted 25 August 2011 - 02:10 AM
#12
Posted 28 August 2011 - 10:57 AM
If you need help please start a new thread.
New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic