kevinf80 Posted April 8, 2014 ID:815239
What is the current status of your system, any remaining issues or concerns?
whonew Posted April 8, 2014 Author ID:815396
All seems good, but do wonder about Best Buy app. I created a guest account, used to have my own but Best Buy changed it to dual his/hers because my husband could not figure out how to use the computer and get help. Now I see that Best Buy app and wonder if they still had access? But it seems nice, so I am not complaining. Great job. But I ran Malwarebytes in the guest account and came up with PUP called Mindspark. I picked remove, will rescan in this account again.
kevinf80 Posted April 8, 2014 ID:815584
Post the fresh log from the latest Malwarebytes scan...
Next, download and save DDS to your Desktop from either of the following links:
http://download.bleepingcomputer.com/sUBs/dds.scr
http://compendiate.net/sUBs/dds/dds.scr
Note: You must use Internet Explorer to download dds.scr; other browsers will open the file in the browser and not save it. Or if you must use Firefox or Chrome, then right click the link, select "save link as" and save the file to your desktop.
Double-click the dds.scr file to run the program.
It will automatically run in silent mode and then you will see the following note: "Two logs shall be created on your Desktop. The logs will be named dds.txt and attach.txt".
Wait until the logs appear and then copy and paste their contents in your post.
whonew Posted April 9, 2014 Author ID:815955
Guest account says Best Buy app can not operate in a guest account
2014/04/08 13:22:25 -0700 KIRK-PC Guest MESSAGE Executing scheduled update: Daily
2014/04/08 13:23:02 -0700 KIRK-PC Guest MESSAGE Scheduled update executed successfully: database updated from version v2014.04.07.12 to version v2014.04.08.07
2014/04/08 13:23:02 -0700 KIRK-PC Guest MESSAGE Starting database refresh
2014/04/08 13:23:03 -0700 KIRK-PC Guest MESSAGE Stopping IP protection
2014/04/08 13:23:07 -0700 KIRK-PC Guest MESSAGE IP Protection stopped successfully
2014/04/08 13:23:52 -0700 KIRK-PC Guest MESSAGE Database refreshed successfully
2014/04/08 13:23:54 -0700 KIRK-PC Guest MESSAGE Starting IP protection
2014/04/08 13:24:11 -0700 KIRK-PC Guest MESSAGE IP Protection started successfully
whonew Posted April 9, 2014 Author ID:815959
[attach.txt log from DDS (Ver_2012-11-20.01)]
whonew Posted April 9, 2014 Author ID:815960
[dds.txt log from DDS (Ver_2012-11-20.01)]
kevinf80 Posted April 9, 2014 ID:816012
I see this nuisance shows up in the installed programs list, see if you can uninstall it the normal way. If that fails do the following:
Download GeekUninstaller from here: http://www.geekuninstaller.com/download (choose free version). Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information.)
Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.
Run the tool, the main GUI will populate with the installed programs list.
Left click on Best Buy pc app to highlight that entry.
Select Action from the Menu bar, then Uninstall from there and follow the prompts.
If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option, follow the prompts...
Let me know if that works. If it does you can simply delete DDS and its logs, also delete GeekUninstaller as it is portable....
Kevin
whonew Posted April 9, 2014 Author ID:816176
I see downloads but do not see uninstaller on any of them, not sure what one to pick
kevinf80 Posted April 9, 2014 ID:816187
Where exactly do you see downloads? Not sure what you mean.
whonew Posted April 9, 2014 Author ID:816200
I followed the link and had to finally press home page to see what it had to say, and at the bottom was the free geek uninstaller, but do not think that it was right when I opened it, so I removed that and think I should not try any more.
kevinf80 Posted April 10, 2014 ID:816296
Can you just uninstall Bestbuy PC app the normal way if you do not trust or want to use Geek Uninstaller...
Select Start, into the search box type or copy/paste Programs and features, hit the Enter key. In the new window select by one left click "Best Buy Pc", then select "Uninstall/change" and follow the prompts to uninstall the app....
Does that work for you? Let me know if any remaining issues or concerns. If none, are we OK to close out....
Kevin
whonew Posted April 10, 2014 Author ID:816494
I don't see it in the Add/Remove. I was leery of the Best Buy app for help online, for one of the workers came in with my son's name and a hoodie or gang member style hat in his photo, so I phoned Best Buy and they verified there was a member in the Geek Squad with that name but could not verify that photo. What I found odd is it was my son's name and he is very Nordic looking, not on Geek Squad, but management, and that young man was Brazilian. Several months later that son got severely hacked. I do not bank online but I think he did. Also he has a (supposed) Best Buy App that appeared to zip through everything in this machine. It took about an hour and I could see all that flash before my face. In the guest account it appears to be 398 bytes, disk 4.00kb, and was created Feb 03, 2013, but seems if it was from Best Buy it would have been created 2011 when we bought the computer? I think there was one in Add/Remove but I uninstalled it. Bothers me that it says full control also, the name is simply pc.app
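An added example, not part of any post in this thread: a program can appear in a tool's installed-programs list yet be missing from Programs and Features, because that window hides some uninstall registry entries. This read-only PowerShell sketch lists matching entries and the usual reason each would be hidden; the default pattern 'Best Buy' is taken from the thread, the function name and output field names are assumptions, and the per-user hive is only that of the account running it.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Lists uninstall registry entries whose DisplayName matches -Pattern,
# including entries that Programs and Features does not display.
param(
    [string]$Pattern = 'Best Buy'   # name fragment taken from the thread
)

# Where Windows records installed programs: the 64-bit machine view, the
# 32-bit machine view (WOW6432Node), and the hive of the logged-on user.
$roots = @(
    @{ Scope = 'Machine (64-bit)'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
    @{ Scope = 'Machine (32-bit)'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' },
    @{ Scope = 'Current user';     Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' }
)

# Hypothetical helper: explains why an entry would not be shown in the
# Programs and Features list, based on well-known registry values.
function Get-HiddenReason($p) {
    $why = @()
    if ($p.SystemComponent -eq 1) { $why += 'SystemComponent=1' }
    if ($p.ParentKeyName)         { $why += 'ParentKeyName set (listed as an update of another product)' }
    if (-not $p.UninstallString)  { $why += 'no UninstallString' }
    if ($why.Count -eq 0) { 'none found; entry should be visible' }
    else { $why -join '; ' }
}

$found = foreach ($root in $roots) {
    if (-not (Test-Path $root.Path)) { continue }
    foreach ($key in Get-ChildItem $root.Path -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Entries without a DisplayName are components, not listed programs.
        if (-not $p -or -not $p.DisplayName) { continue }
        if ($p.DisplayName -notlike "*$Pattern*") { continue }

        New-Object PSObject -Property @{
            Scope           = $root.Scope
            DisplayName     = $p.DisplayName
            Publisher       = $p.Publisher
            InstallDate     = $p.InstallDate
            InstallLocation = $p.InstallLocation
            UninstallString = $p.UninstallString
            HiddenReason    = Get-HiddenReason $p
            RegistryKey     = $key.Name
        }
    }
}

if (-not $found) {
    Write-Output "No uninstall entry matching '$Pattern' for this account or machine-wide."
} else {
    # Select-Object fixes the column order (hashtable order is not kept on PowerShell 2.0).
    $found |
        Select-Object Scope, DisplayName, Publisher, InstallDate,
                      InstallLocation, UninstallString, HiddenReason, RegistryKey |
        Format-List
}
```

Run it once in each Windows account of interest, since the "Current user" results differ between the owner's account and the Guest account.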
kevinf80 Posted April 10, 2014 ID:816589
What is the current status now, do you have any remaining issues or concerns....
whonew Posted April 10, 2014 Author ID:816606
No just need to find that Best Buy app and get it gone.
kevinf80 Posted April 11, 2014 ID:816633
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
whonew Posted April 11, 2014 Author ID:816966
This morning I turned the computer on, pressed i.e. and the web came up solid white and then shut down. I tried it three times and the third time double clicked instead of one click. The web came up and took several seconds to show any type or pics or icons. I had not tried shutting it down before and was putting it on sleep most of the time. At times, yesterday, it looked like there were several screens open, one lapped over the other. I could see the base of the web on about 10 or more of what appeared the same page? I think I had seen that before and attributed it to the slowness but now I am not sure. My question about OTL is, if there is something running in the back and I can't really see it, how do I shut it down? I know there is something running, every time I try to shut down the machine warns me that it is waiting for a running program to shut down and asks me if I want to force it to shut down?
whonew Posted April 11, 2014 Author ID:816979
[OTL logfile created on 4/11/2014 9:05:29 AM, OTL by OldTimer Version 3.2.69.0]
C:\Windows\SysNative\drivers\point64.sys -- (Point64)DRV:64bit: - [2013/04/04 15:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/03/25 15:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/14 13:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2011/02/10 14:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2011/02/10 13:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/01/05 02:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/11 13:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)DRV:64bit: - [2010/11/05 08:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)DRV:64bit: - [2010/11/05 08:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)DRV:64bit: - [2010/10/08 12:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV - [2014/03/03 21:04:01 | 000,203,304 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)DRV - [2014/03/03 21:02:55 | 000,069,480 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)DRV - [2013/08/14 05:22:44 | 000,013,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)DRV - [2013/04/25 12:52:40 | 000,080,832 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys -- (fsni)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\System32\blank.htmIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE:64bit: - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJIE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Judith\DesktopIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Local Page = C:\windows\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://frontier.yahoo.com/IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJIE - HKCU\..\SearchScopes\{3B2C9801-5FC7-4884-A127-E552570857AD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.2FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\system32\npDeployJava1.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1130\7.5.1130\FIREFOXEXTENSION64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 27.0.2\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 27.0.2\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINSFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextensionFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextensionFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/07 16:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Extensions[2014/03/20 13:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\cqjugvhh.default-1395345917665\extensions[2014/02/24 22:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2014/04/10 08:25:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: [] File not foundO4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: 
[TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [F-Secure Hoster (53784)] C:\Program Files (x86)\Frontier\fshoster32.exe (F-Secure Corporation)O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)O4 - Startup: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft 
Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10:64bit: - 
NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft 
< End of report >
whonew Posted April 11, 2014 Author ID:816980

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
kevinf80 Posted April 11, 2014 ID:817120

Re-Run by double left click, Vista and Windows 7 users accept UAC alert.

Under the box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

:OTL
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
:Files
:Commands
[emptytemp]
[CREATERESTOREPOINT]

Then click button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next, Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit….
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:regfind
Best Buy pc app*Best Buy pc app*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Post those logs..
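A way to audit a pasted OTL fix script before running it, as an added example that is not part of kevinf80's post or of OTL itself: it splits the script into its directive sections and separates the entries OTL marked as dangling ("No CLSID value found", "Reg Error") from entries that name a component. The function names and the dangling-entry heuristic are assumptions; the sample lines are copied from the fix script in the post above, shortened to one or two per entry type.

```python
import re

# Lines copied from the fix script in the post above (shortened selection).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
:Files
:Commands
[emptytemp]
[CREATERESTOREPOINT]
"""

ENTRY_RE = re.compile(r"^O(?P<code>\d+)(?P<x64>:64bit:)?\s+-\s+(?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Status strings the scan wrote for registry entries that point at nothing.
# Treating them as "dangling" is this example's heuristic.
ORPHAN_MARKERS = ("No CLSID value found", "Reg Error")
# Labels as they appear after each O-code in the script lines.
KINDS = {2: "BHO", 3: "Toolbar", 16: "DPF", 18: "Protocol handler", 21: "SSODL"}


def parse_fix_script(text):
    """Split a pasted fix script into its ':Name' sections, in order."""
    sections = {}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
            sections.setdefault(current, [])
        elif current is None:
            # The post stresses pasting from the ':OTL' line onward; an entry
            # ahead of any directive means the header was left out.
            raise ValueError(f"entry before any section directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def review_entries(lines):
    """Classify each ':OTL' line by entry type, bitness, CLSID and status."""
    reviewed = []
    for raw in lines:
        m = ENTRY_RE.match(raw)
        if not m:
            # Not an O-code line, e.g. the '*.tmp' file pattern.
            reviewed.append({"kind": "file pattern", "x64": False,
                             "clsid": None, "orphan": None, "raw": raw})
            continue
        code = int(m["code"])
        clsid = CLSID_RE.search(m["rest"])
        reviewed.append({
            "kind": KINDS.get(code, f"O{code}"),
            "x64": m["x64"] is not None,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": any(mark in m["rest"] for mark in ORPHAN_MARKERS),
            "raw": raw,
        })
    return reviewed


def needs_second_look(entries):
    """Registry entries that name a component instead of a dangling reference."""
    return [e for e in entries if e["orphan"] is False]


if __name__ == "__main__":
    parsed = parse_fix_script(FIX_SCRIPT)
    for entry in review_entries(parsed["OTL"]):
        state = {True: "dangling", False: "NAMED", None: "n/a"}[entry["orphan"]]
        bits = "64" if entry["x64"] else "32"
        print(f"{entry['kind']:<16} {bits}  {state:<8} {entry['clsid'] or '-'}")
    print("commands:", ", ".join(parsed["Commands"]))
```

Run against the full script, the only registry entry reported as NAMED is the Bitdefender QuickScan Control line, which is the one a reader would confirm is unwanted before applying the fix.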
whonew Posted April 11, 2014 Author ID:817162

Sorry I do not see the option for Windows 7 users accept UAC alert? I am a bit confused here
whonew Posted April 11, 2014 Author ID:817167

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 3323 bytes
->Temporary Internet Files folder emptied: 355352 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14158630 bytes
->Flash cache emptied: 57008 bytes

User: Judith
->Temp folder emptied: 129183 bytes
->Temporary Internet Files folder emptied: 7818661 bytes
->Java cache emptied: 359413 bytes
->FireFox cache emptied: 17682072 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04112014_134523

Files\Folders moved on Reboot...
C:\Users\Judith\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Judith\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
kevinf80 Posted April 11, 2014 ID:817170
Thanks for log, I wait to see SystemLook log.. Thanks...
whonew Posted April 11, 2014 Author ID:817172

SystemLook 30.07.11 by jpshortstuff
Log created at 14:01 on 11/04/2014 by Judith
Administrator - Elevation successful

========== regfind ==========

Searching for "Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Best Buy pc app Setup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9]
"ProductName"="Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9\SourceList]
"PackageName"="Best Buy pc app Setup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\3.0.0.0\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03D5B88E9831BC54DB7C3C16F1E5C891]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\076C9D3C21C324B4BA3B9B218FAD0CFE]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.Presentation.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B9B2E81428F63D43B699CB5568491F1]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\About.rtf.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18232011C7B3D1F4E8E6EFE91DA0159E]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\WelcomeScreen.rtf.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1934F68B2A5E0734BAEF63492CFAB6D0]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2508166F59895DD4E8333038B399B425]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Ionic.Zip.Reduced.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26620F978EDADC544A36CE70408B0715]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C367727B6AC9244EA02307F5AA1D375]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FA390BC58BE0A342B9D8F2D2479D885]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\329FD134DA4E0844B9369A6E650BC8F0]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3664465A628E7094395C7796134756EC]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Interop.IWshRuntimeLibrary.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D28A8305F807C347A6A2A19F1D403F8]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Restarter.exe.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41F55FDF723F1724DB50F63ED20BC7AD]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F95AABBAF529448918A63384170E3C]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\Translations.xml.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473D39163BF26964EA39C4D279B0034B]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B31418C83410D9468EDC7098CCF00ED]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\SharpBITS.Base.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53E0EB5423EC3144FB438F35A966ED15]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59FCE2ED8A0AAD246B91B9449A9C8A7D]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\ViewModels.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E07ABB1F25A0564F9372D3BDC68B203]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E184F7A70ED58543B1E40F700BC2BFE]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Localization.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5FD0A0DFF52247B49AC04670CD5A6844]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Common.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64305C21032E85640A74CF21F3169980]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\TranslationSchema.xsd.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\659816A5A7096874FA1D0FA5BCBB38CA]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68F72A321BB63C34BAB8706A17CFF763]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.Tests.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E6F944C87C9DC94E86A68A4265FFFAE]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.Shell.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\717EA78AB4B7DB7448677A019EAFD8A7]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FEED76AD1E2CD042A26AEAAC9A64A37]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\ClickOnce.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86B0802BFF8E33C43A3C2053C7A86AE9]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\ClickOnceUninstaller.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86CA132B1D76AEE44839B283180303F6]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\923DFC1DEEF7EC04DAC41B515D68C0D7]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9403CE5B8841C114C8D468E237F0CCC9]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\FluidKit.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94508772FFF88854C9447AC3707F6CCD]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\Best Buy pc app.3.0.0.0.application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\952346D22C857BC4894049D2A73F9CDE]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\pc app Installer.exe.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9913D5AB95EF2EA458753EF533BE9A97]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Common.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B8CA15CC6A10F742A15E16C6092FF73]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB32D078443EC714F84AB2D58858DC66]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.ServiceLocation.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1C443A5149E61C488ADAA951BDFEEB3]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.UnityExtensions.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6AAC145EEF70EE4494245E3BD7E4789]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B828335B654D2854DA6FDFCF2E3E1125]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\tempCategories.xml.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB65905F877923448986F05B6392035B]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBC1219AD7E2D234C9D22495DB902660]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Unity.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2310AB7FC0B06A479BBBAF550638257]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2F9C840DF07C764FB7274875CBA637C]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\pc app Installer.exe.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8186E19F28BB4742AE33E5672BD7D16]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\AppMeasurement_DotNET.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5A3007C08F8F9E499CD7A568A0DB832]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\ViewModels.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DCF62FD5881CA8142938C25BB18B9C5C]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\CustomControls.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5B00EF182145684DB01669AC745A592]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\BestBuySoftwareInstaller.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8C0C2FCE1C8DDD47B5B756263CCBF40]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.ObjectBuilder2.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0BC69A5620802F49BCCACD3D353BB34]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.config.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B31CA5D4D28A344A7B5AA4D4BE8570]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\Best Buy pc app.application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F629E39E0F02DC7419CC3E89CB087AA7]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F98BD01DC91EFA346A91ED712EACB86C]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\AppIcon.ico.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFDABF874902E194EBBA6D0EB28C4457]
"7664CBBF125287E41BDB78607F4745B9"="C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.deploy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties]
"InstallLocation"="C:\Program Files\Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties]
"DisplayName"="Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
"InstallLocation"="C:\Program Files\Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
"DisplayName"="Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
"DisplayIcon"="C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
"UninstallString"=""C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
"ModifyPath"="C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
"InstallLocation"="C:\Program Files\Best Buy pc app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
"UninstallString"="C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Best Buy pc app]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Best Buy pc app]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Best Buy pc app]

Searching for "*Best Buy pc app*"
No data found.

-= EOF =-
whonew Posted April 11, 2014 Author ID:817174
Before I ran OTL I had logged in to the guest account and it would not pull up IE.
kevinf80 Posted April 11, 2014 ID:817184

Ok continue as follows:

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Best Buy pc app Setup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Best Buy pc app\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03D5B88E9831BC54DB7C3C16F1E5C891]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\076C9D3C21C324B4BA3B9B218FAD0CFE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B9B2E81428F63D43B699CB5568491F1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18232011C7B3D1F4E8E6EFE91DA0159E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1934F68B2A5E0734BAEF63492CFAB6D0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2508166F59895DD4E8333038B399B425]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26620F978EDADC544A36CE70408B0715]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C367727B6AC9244EA02307F5AA1D375]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FA390BC58BE0A342B9D8F2D2479D885]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\329FD134DA4E0844B9369A6E650BC8F0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3664465A628E7094395C7796134756EC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D28A8305F807C347A6A2A19F1D403F8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41F55FDF723F1724DB50F63ED20BC7AD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F95AABBAF529448918A63384170E3C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473D39163BF26964EA39C4D279B0034B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B31418C83410D9468EDC7098CCF00ED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53E0EB5423EC3144FB438F35A966ED15]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59FCE2ED8A0AAD246B91B9449A9C8A7D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E07ABB1F25A0564F9372D3BDC68B203]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E184F7A70ED58543B1E40F700BC2BFE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5FD0A0DFF52247B49AC04670CD5A6844]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64305C21032E85640A74CF21F3169980]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\659816A5A7096874FA1D0FA5BCBB38CA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68F72A321BB63C34BAB8706A17CFF763]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E6F944C87C9DC94E86A68A4265FFFAE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\717EA78AB4B7DB7448677A019EAFD8A7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FEED76AD1E2CD042A26AEAAC9A64A37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86B0802BFF8E33C43A3C2053C7A86AE9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86CA132B1D76AEE44839B283180303F6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\923DFC1DEEF7EC04DAC41B515D68C0D7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9403CE5B8841C114C8D468E237F0CCC9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94508772FFF88854C9447AC3707F6CCD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\952346D22C857BC4894049D2A73F9CDE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9913D5AB95EF2EA458753EF533BE9A97]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B8CA15CC6A10F742A15E16C6092FF73]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB32D078443EC714F84AB2D58858DC66]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1C443A5149E61C488ADAA951BDFEEB3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6AAC145EEF70EE4494245E3BD7E4789]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B828335B654D2854DA6FDFCF2E3E1125]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB65905F877923448986F05B6392035B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBC1219AD7E2D234C9D22495DB902660]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2310AB7FC0B06A479BBBAF550638257]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2F9C840DF07C764FB7274875CBA637C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8186E19F28BB4742AE33E5672BD7D16]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5A3007C08F8F9E499CD7A568A0DB832]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DCF62FD5881CA8142938C25BB18B9C5C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5B00EF182145684DB01669AC745A592]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8C0C2FCE1C8DDD47B5B756263CCBF40]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0BC69A5620802F49BCCACD3D353BB34]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B31CA5D4D28A344A7B5AA4D4BE8570]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F629E39E0F02DC7419CC3E89CB087AA7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFDABF874902E194EBBA6D0EB28C4457]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Best Buy pc app]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Best Buy pc app]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Best Buy pc app]
:Files
C:\ProgramData\Best Buy pc app
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}
:Commands
[EmptyTemp]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, let me know if any remaining issues or concerns..

Kevin
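A check that can be run before applying a fix of this kind: confirm that every registry hit in a SystemLook regfind log is removed by the :Reg section of the script, and that the script deletes nothing the log does not show. This is an added example, not part of the thread and not code from OTM or SystemLook; the sample log and script are constructed, the function names are hypothetical, and it assumes the :Reg section follows .reg-file conventions ([-key] deletes a key, "name"=- deletes a value), as the script in the post above does.

```python
import re

# Constructed sample in the regfind layout: [key], optionally followed by "name"="data".
REGFIND_SAMPLE = r'''
Searching for "Example app"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Example app Setup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Example app\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Example app\1.0\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Components\AAAA]
"PRODUCT"="C:\ProgramData\Example app\a.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Components\BBBB]
"PRODUCT"="C:\ProgramData\Example app\b.dll"
'''

# Constructed fix script: one Folders value and one Components key are not covered,
# and one deletion targets a key the scan never reported.
FIX_SAMPLE = r'''
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Example app Setup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Example app\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Components\AAAA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
:Files
C:\ProgramData\Example app
:Commands
[EmptyTemp]
'''


def _norm(key):
    """Case-insensitive key comparison without a trailing backslash."""
    return key.strip().rstrip("\\").lower()


def _under(key, parent):
    """True if key is parent itself or one of its subkeys."""
    return key == parent or key.startswith(parent + "\\")


def parse_regfind(text):
    """Return (key, value_name) hits; value_name is None when only the key name matched."""
    hits, key, key_has_value = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None and not key_has_value:
                hits.append((key, None))
            key, key_has_value = line[1:-1], False
            continue
        m = re.match(r'^"(.*?)"=(.*)$', line)  # split at the first "= after the name
        if m and key is not None:
            hits.append((key, m.group(1)))
            key_has_value = True
    if key is not None and not key_has_value:
        hits.append((key, None))
    return hits


def parse_fix(text):
    """Return (deleted_keys, deleted_values) from the :Reg section only."""
    deleted_keys, deleted_values = set(), set()
    section, key = None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section != "reg" or not line:
            continue
        elif line.startswith("[-") and line.endswith("]"):
            deleted_keys.add(_norm(line[2:-1]))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = _norm(line[1:-1])
        else:
            m = re.match(r'^"(.*)"=-$', line)
            if m and key is not None:
                deleted_values.add((key, m.group(1).lower()))
    return deleted_keys, deleted_values


def uncovered_hits(hits, deleted_keys, deleted_values):
    """Scan hits that the fix script would leave behind."""
    left = []
    for key, name in hits:
        k = _norm(key)
        if any(_under(k, d) for d in deleted_keys):
            continue
        if name is not None and (k, name.lower()) in deleted_values:
            continue
        left.append((key, name))
    return left


def unevidenced_deletions(hits, deleted_keys):
    """Key deletions with no scan hit at or below the deleted key."""
    scanned = {_norm(k) for k, _ in hits}
    return sorted(d for d in deleted_keys if not any(_under(s, d) for s in scanned))


if __name__ == "__main__":
    hits = parse_regfind(REGFIND_SAMPLE)
    keys, values = parse_fix(FIX_SAMPLE)
    for key, name in uncovered_hits(hits, keys, values):
        print("not removed:", key, name)
    for key in unevidenced_deletions(hits, keys):
        print("deleted without a scan hit:", key)
```

Shared keys such as Installer\Folders are where the value-level comparison matters: deleting one value under them leaves the other matching values in place.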