Searchnu removed from add ons but I think it's still there

[lilyaqha]

How do I remove this? Malwarebites isn't doing the trick. I have a funny feeling its still here. Thanks!

[Maniac]

Hello lilyaqha and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
    

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• OTL log with Extras.txt

[lilyaqha]

Hi, thanks for the quick reply! I'll be out for the next few hours.

Extras.Txt

MBAM LOG.txt

OTL.Txt

[Maniac]

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Copy&Paste the entire report in your next reply.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

[lilyaqha]

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.14.04

Windows Vista Service Pack 1 x64 NTFS

Internet Explorer 8.0.6001.19088

Kim :: KIMJIM [administrator]

4/14/2012 9:31:15 AM

mbam-log-2012-04-14 (09-31-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198134

Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL Extras logfile created on: 4/14/2012 9:46:55 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kim\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 54.85% Memory free

12.19 Gb Paging File | 9.08 Gb Available in Paging File | 74.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.36 Gb Total Space | 146.06 Gb Free Space | 25.08% Space Free | Partition Type: NTFS

Drive D: | 13.81 Gb Total Space | 1.95 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: KIMJIM | User Name: Kim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2640557747-2532671182-154105515-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D3C7841-C12E-4825-BF5B-46245ADFBAAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{1E0B3D47-DC00-4B49-903A-F8AA5738F861}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{23CC7449-5DB8-4917-B665-8658BE823B20}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{3495FE6C-60C9-49FA-BB32-0C326B23F7A2}" = rport=137 | protocol=17 | dir=out | app=system |

"{40FB7E56-41E6-4E95-9167-FCE56BD55AE4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{47DF3F01-3BC6-4042-A350-09AF23CA58C6}" = lport=445 | protocol=6 | dir=in | app=system |

"{4A384A03-37AC-40FE-8FEC-657DBF7553F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{4A4A863F-454A-4E42-9AC2-F3A83054B416}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{65E325BA-A5B7-4AF4-915D-4641D86F8207}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6B0E3CE2-890C-4A54-B2D8-DC224BFAD4D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{86B02E14-ECF3-49E6-9A19-D8D334872399}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{876A93E0-59B8-4748-B8D2-EE179782D16C}" = rport=138 | protocol=17 | dir=out | app=system |

"{8ABC78AC-EE58-4B09-9DE6-899B9755FE74}" = rport=445 | protocol=6 | dir=out | app=system |

"{8CAE332B-7F6C-407E-8549-907B34E5A6AE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8F2B0408-D303-4608-9DDC-9D6726507F7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9A91D410-EAB3-4B67-9B9D-0479CA9595D8}" = lport=138 | protocol=17 | dir=in | app=system |

"{A2978621-A6CA-4BF8-8A54-99F4A8C27C01}" = lport=137 | protocol=17 | dir=in | app=system |

"{CAE32564-C99C-41F1-A704-EC7DBB662F41}" = rport=139 | protocol=6 | dir=out | app=system |

"{CBCAA3B6-67F0-4403-84B2-1542E7911B4F}" = lport=139 | protocol=6 | dir=in | app=system |

"{F2EAB17A-8F8F-4123-99F1-3219654C08EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{050ED184-F25C-4CEF-9F19-DA27D42ECA98}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{092C896E-57CA-466E-B3EC-B3BD45FDB7D2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{18334A2A-9D57-402D-95C4-DE78789B03D0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{27841A50-0C02-473D-AE29-20FB81776CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |

"{3919F7EF-E233-4ABF-9ED9-812DF3F1B306}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{47B83F88-5FF3-4551-99E4-9F6CFEF808DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{5857AB26-7292-46F5-81DD-D694CB4118CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6141A32C-3859-4A9F-82A9-3BE1867E73FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{65794D84-9312-4CB5-A582-3FCC3EF69655}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{6E08887A-F08B-468C-9F99-153991EC0387}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6F32D6AF-74A3-4D69-B772-42AC02ADD97A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{7F50E6D1-A1C9-445B-A9A8-83EF4D9DF149}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{9246B573-8A2A-4B66-87DF-2CF32E98409F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{95BC1A6C-FA67-4F08-AFC1-B5F20EACA882}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{97AB24F4-EACE-4213-8113-14E7EA1A0207}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{9A8FEA11-3D8B-4574-9590-B60949DB7487}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9D8A922A-0D8A-49DD-B51F-EAD307731AFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{A9E70CCE-1BCE-44A2-8147-C2E24407FED2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{BB3FB8F4-823F-42CA-B812-D3E6638238BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{C251430C-8A4E-4920-BF9B-E11C64EDF95C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{D20DEB07-B407-4647-9AEE-7B4B844ED888}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{D40804EE-D97A-41E7-AFE3-56F7C1B2D475}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{D612060B-1E94-47A8-A710-85057EB3BD04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{D7A57B63-DA73-44B6-9601-30F48EBF7F20}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{ECA0AE18-CE4F-4E7E-B159-FCE5D1AFCBA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{ECA79AEF-DD3F-435E-BE5B-719C9B15AC66}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F32FA44C-95FB-4EEE-9260-7F561526B83B}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |

"{F9F93463-D7AB-49B2-9644-7548C1E4DFD0}" = dir=in | app=e:\setup\hpznui40.exe |

"TCP Query User{7DFF99BC-18C7-4502-8ED7-1DCC2D4FDFAE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{C12A02F9-42A2-4EE4-B612-33D0A9CF58F3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{6BD02B49-9EBE-4EAA-9F33-CC863A2B23A8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{F865B376-4A22-449D-8F2A-ADE46D17D7B7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software

"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library

"{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 30

"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform

"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1

"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700

"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = Western Digital USB 3.0 Host Controller Driver

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FBD461E5-52C3-4F46-A484-2E64D8043521}" = PrintKey-Pro v1.04

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ENTERPRISER" = Microsoft Office Enterprise 2007

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = Western Digital USB 3.0 Host Controller Driver

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MyScribe" = MyScribe

"Network MagicUninstall" = Network Magic

"NSS" = Norton Security Scan

"PROR" = Microsoft Office Professional 2007 Trial

"pywin32-py2.6" = Python 2.6 pywin32-212

"sp44626" = sp44626

"WildTangent hp Master Uninstall" = HP Games

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/2/2011 6:23:15 PM | Computer Name = KimJim | Source = HP Advisor | ID = 400

Description = Timestamp: 05/02/2011 17:23:15.629; Category: FATAL; Priority:(4); Win32

Thread Id: [2072]; Message: System.NullReferenceException: Object reference not

set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String

type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400;

Severity:

Critical; Machine: KIMJIM; Application Domain: HPAdvisor.exe; Process Id: 2068; Process

Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended

Properties:

Error - 5/3/2011 10:37:12 AM | Computer Name = KimJim | Source = WinMgmt | ID = 10

Description =

Error - 5/3/2011 10:39:55 AM | Computer Name = KimJim | Source = HP Advisor | ID = 400

Description = Timestamp: 05/03/2011 09:39:55.603; Category: FATAL; Priority:(4); Win32

Thread Id: [2552]; Message: System.NullReferenceException: Object reference not

set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String

type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400;

Severity:

Critical; Machine: KIMJIM; Application Domain: HPAdvisor.exe; Process Id: 2548; Process

Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended

Properties:

Error - 5/4/2011 9:54:32 AM | Computer Name = KimJim | Source = WinMgmt | ID = 10

Description =

Error - 5/4/2011 9:57:24 AM | Computer Name = KimJim | Source = HP Advisor | ID = 400

Description = Timestamp: 05/04/2011 08:57:24.141; Category: FATAL; Priority:(4); Win32

Thread Id: [2248]; Message: System.NullReferenceException: Object reference not

set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String

type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400;

Severity:

Critical; Machine: KIMJIM; Application Domain: HPAdvisor.exe; Process Id: 2244; Process

Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended

Properties:

Error - 5/5/2011 11:11:13 AM | Computer Name = KimJim | Source = WinMgmt | ID = 10

Description =

Error - 5/5/2011 11:13:52 AM | Computer Name = KimJim | Source = HP Advisor | ID = 400

Description = Timestamp: 05/05/2011 10:13:52.347; Category: FATAL; Priority:(4); Win32

Thread Id: [2088]; Message: System.NullReferenceException: Object reference not

set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String

type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400;

Severity:

Critical; Machine: KIMJIM; Application Domain: HPAdvisor.exe; Process Id: 2084; Process

Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended

Properties:

Error - 5/5/2011 7:16:13 PM | Computer Name = KimJim | Source = WinMgmt | ID = 10

Description =

Error - 5/5/2011 7:18:29 PM | Computer Name = KimJim | Source = HP Advisor | ID = 400

Description = Timestamp: 05/05/2011 18:18:29.263; Category: FATAL; Priority:(4); Win32

Thread Id: [1504]; Message: System.NullReferenceException: Object reference not

set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String

type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400;

Severity:

Critical; Machine: KIMJIM; Application Domain: HPAdvisor.exe; Process Id: 1496; Process

Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended

Properties:

Error - 5/6/2011 8:19:44 AM | Computer Name = KimJim | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 4/14/2012 9:08:00 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7026

Description =

Error - 4/14/2012 9:09:50 AM | Computer Name = KimJim | Source = HTTP | ID = 15016

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7023

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7003

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7000

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7003

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7009

Description =

Error - 4/14/2012 9:11:34 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7000

Description =

Error - 4/14/2012 9:12:12 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7022

Description =

Error - 4/14/2012 9:12:12 AM | Computer Name = KimJim | Source = Service Control Manager | ID = 7026

Description =

< End of report >

OTL logfile created on: 4/14/2012 9:46:55 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kim\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 54.85% Memory free

12.19 Gb Paging File | 9.08 Gb Available in Paging File | 74.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.36 Gb Total Space | 146.06 Gb Free Space | 25.08% Space Free | Partition Type: NTFS

Drive D: | 13.81 Gb Total Space | 1.95 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: KIMJIM | User Name: Kim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 09:46:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe

PRC - [2011/08/27 11:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE

PRC - [2011/08/27 10:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe

PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/05/12 18:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/05/12 18:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/11/20 20:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2009/06/18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2009/04/10 01:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

PRC - [2009/04/10 01:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/03/19 12:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/12/04 15:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007/02/22 21:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2006/12/19 12:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2006/12/19 12:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2006/12/19 12:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2003/09/19 22:12:40 | 001,637,888 | ---- | M] (WareCentral.com) -- C:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/29 21:02:09 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll

MOD - [2011/06/29 21:02:01 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll

MOD - [2011/06/29 21:01:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll

MOD - [2011/06/29 21:01:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll

MOD - [2011/06/29 21:01:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll

MOD - [2011/06/29 20:55:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll

MOD - [2011/06/29 20:55:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll

MOD - [2011/06/29 20:55:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll

MOD - [2011/06/29 20:55:24 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll

MOD - [2011/06/29 20:55:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll

MOD - [2011/06/29 20:55:15 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll

MOD - [2011/06/29 20:55:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll

MOD - [2011/06/29 20:54:53 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll

MOD - [2011/06/29 20:54:49 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll

MOD - [2011/06/29 20:54:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll

MOD - [2009/07/24 10:32:01 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2009/04/10 01:22:04 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009/04/03 19:23:44 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009/04/03 19:23:42 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009/04/03 19:23:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009/04/03 19:23:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009/04/03 19:23:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009/04/03 19:23:38 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009/04/03 19:23:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009/04/03 19:23:34 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2008/07/27 13:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2006/12/19 12:28:14 | 000,120,384 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\naXML71.dll

MOD - [2006/12/19 12:26:12 | 000,157,248 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\naisign.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2012/04/07 11:15:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/08/27 11:01:00 | 000,012,800 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)

SRV - [2011/08/27 11:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE -- (OracleXETNSListener)

SRV - [2011/08/27 10:59:56 | 000,069,632 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)

SRV - [2011/08/27 10:58:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)

SRV - [2011/08/27 10:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/06/18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/02/22 21:50:00 | 000,154,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)

SRV - [2007/02/22 21:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2006/12/19 12:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/20 20:16:02 | 000,177,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/11/20 20:15:58 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/13 15:47:44 | 000,033,072 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)

DRV:64bit: - [2009/05/13 15:47:42 | 000,031,536 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)

DRV:64bit: - [2009/02/26 06:46:34 | 010,276,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/01/20 11:49:30 | 001,254,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/01/20 09:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/12/04 07:48:52 | 000,407,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/02/22 21:50:00 | 000,248,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2006/11/30 09:50:00 | 000,092,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2006/11/30 09:50:00 | 000,080,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2006/11/30 09:50:00 | 000,067,144 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)

DRV - [2006/11/30 09:50:00 | 000,038,600 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0BCD5D28-DB6D-407E-8AE1-CFB7B1F95AC5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0BCD5D28-DB6D-407E-8AE1-CFB7B1F95AC5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

IE - HKLM\..\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes,DefaultScope = {246CCA68-9AE4-4EF7-923E-0E55A7CB014F}

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes\{0BCD5D28-DB6D-407E-8AE1-CFB7B1F95AC5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes\{246CCA68-9AE4-4EF7-923E-0E55A7CB014F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_en

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()

O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2640557747-2532671182-154105515-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 97.64.168.12 97.64.183.165

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58D7003C-F370-45C0-B746-6A86C0FCCE3E}: DhcpNameServer = 192.168.1.1 97.64.168.12 97.64.183.165

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()

O24 - Desktop WallPaper: C:\Users\Kim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Kim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{ca6844c0-1638-11e1-b5b0-0023541eee2c}\Shell - "" = AutoRun

O33 - MountPoints2\{ca6844c0-1638-11e1-b5b0-0023541eee2c}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 09:46:00 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe

[2012/04/12 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warecentral

[2012/04/12 19:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey-Pro

[2012/04/12 19:17:06 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\Ilivid Player

[2012/04/12 19:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar

[2012/04/07 11:15:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 09:47:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/14 09:46:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe

[2012/04/14 09:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/14 09:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/14 09:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/14 08:16:31 | 000,706,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/14 08:16:31 | 000,606,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/14 08:16:31 | 000,104,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/14 08:10:24 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration RunOnce Task.job

[2012/04/14 08:09:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/14 08:09:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/13 20:10:39 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/13 19:58:04 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kim.job

[2012/04/12 19:26:21 | 000,001,954 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 19:26:21 | 000,001,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk

[2012/04/07 11:15:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/01/07 18:51:25 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/02 19:21:53 | 000,009,844 | -HS- | C] () -- C:\Users\Kim\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n

[2011/12/02 19:21:53 | 000,009,844 | -HS- | C] () -- C:\ProgramData\svwvag1v2wvv7say7kbm3m836c7n

[2011/01/30 19:24:22 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp

[2011/01/30 18:55:52 | 000,208,237 | ---- | C] () -- C:\Windows\hpoins43.dat

========== LOP Check ==========

[2011/03/05 13:48:11 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Catalina Marketing Corp

[2010/03/21 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\GetRightToGo

[2010/03/21 12:29:29 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\ICAClient

[2011/02/05 10:42:21 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\MyScribe

[2009/11/10 18:10:07 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\PictureMover

[2010/10/17 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Skinux

[2009/11/12 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\webex

[2010/03/21 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\WinBatch

[2012/04/14 08:10:24 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration RunOnce Task.job

[2012/04/14 08:08:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:EA029835

< End of report >

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
  IE:64bit: - HKLM\..\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
  IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}
  IE - HKLM\..\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
  IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}
  IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes,DefaultScope = {246CCA68-9AE4-4EF7-923E-0E55A7CB014F}
  IE - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=306&systemid=406&sr=0&q={searchTerms}
  O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found
  O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar" File not found
  O37 - HKU\S-1-5-21-2640557747-2532671182-154105515-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
  [2012/04/12 19:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
  [2011/12/02 19:21:53 | 000,009,844 | -HS- | C] () -- C:\Users\Kim\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n
  [2011/12/02 19:21:53 | 000,009,844 | -HS- | C] () -- C:\ProgramData\svwvag1v2wvv7say7kbm3m836c7n
  
  :Commands
  [emptytemp]
  [clearallrestorepoints]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Please post the OTL fix log in your next reply.
  

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[lilyaqha]

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A95BD3B-5332-4719-8F22-A003378E0ABD}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A95BD3B-5332-4719-8F22-A003378E0ABD}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKEY_USERS\S-1-5-21-2640557747-2532671182-154105515-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2640557747-2532671182-154105515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2640557747-2532671182-154105515-1000_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2640557747-2532671182-154105515-1000_Classes\exefile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Program Files (x86)\Searchqu Toolbar\Datamngr folder moved successfully.

C:\Program Files (x86)\Searchqu Toolbar folder moved successfully.

C:\Users\Kim\AppData\Local\svwvag1v2wvv7say7kbm3m836c7n moved successfully.

C:\ProgramData\svwvag1v2wvv7say7kbm3m836c7n moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Kim

->Temp folder emptied: 736918224 bytes

->Temporary Internet Files folder emptied: 1249701471 bytes

->Java cache emptied: 13457553 bytes

->Flash cache emptied: 271817 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 711240 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5633411762 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,281.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04142012_155222

Files\Folders moved on Reboot...

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF31FE.tmp not found!

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF3207.tmp not found!

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF326E.tmp not found!

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF3277.tmp not found!

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF32AB.tmp not found!

File\Folder C:\Users\Kim\AppData\Local\Temp\~DF32B4.tmp not found!

File move failed. C:\Windows\temp\WebEx\Log\414\atashost.log scheduled to be moved on reboot.

File\Folder C:\Windows\temp\WFV32BB.tmp not found!

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXWZQMYF\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEPP4ZST\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMG1FDRQ\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2N0KVOY\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Maniac]

How are things now?

[lilyaqha]

It's better! Thank you so much

[Maniac]

Glad I could help!

Please run OTL and click on CleanUp button.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!