
Google Hijacking



After doing a GOOGLE SEARCH, I select one of the search results. Instead of being directed to the selected search site, I am directed to

infosmash.org

local.com

scour.com

forless.com

blu.org

among others.

Running Win7 64 bit, using Firefox. Running Spybot, Malwarebytes, AVIRA finds nothing.

0. Ran Malwarebytes quick scan, text posted here

1. Ran DEFOGGER....didn't ask if I wanted to reboot, so I rebooted manually.

2. Ran GMER ROOTKIT.

3. DDS Text posted here

4. attach.txt zipped and attached

5. ark.txt zipped and attached (I know this is empty...there was nothing reported). When running I get a CANNOT FIND c:\windows\system32\config\system

========

Malwarebytes Quick Scan

Database version: 4759

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/6/2010 3:21:24 PM

mbam-log-2010-10-06 (15-21-24).txt

Scan type: Quick scan

Objects scanned: 136196

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=============================================================================

DDS.TXT

DDS (Ver_10-10-05.01) - NTFS_AMD64

Run by Joe Blow at 13:23:28.53 on Wed 10/06/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2727 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avguard.exe

C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\TeaTimer.exe

C:\Non_MSApps\Hardcopy\hardcopy.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Non_MSApps\Hardcopy\HcDLL2_ex.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Non_MSApps\dds\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [spybotSD TeaTimer] C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\TeaTimer.exe

uRunServices: [mtmasktoolsawutided] C:\Users\Joe Blow\AppData\Local\586377.exe

uRunServices: [Win32LFBMP12N] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\controlcenter\brccfreltdis12n.exe

uRunServices: [EvenDont] c:\users\joe blow\music\mp3\aerosmith\pump\donteven.exe

uRunServices: [ConfigLogicLibraryHPSFConfig] c:\users\joe blow\appdata\local\hewlett-packard\hp support framework\resources\hpsfconfighpsfconfig1.0.0.0.exe

uRunServices: [DriverFrameworks2.1] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\microsoftframeworks2.1.exe

uRunServices: [imageInvisible] C:\Users\Joe Blow\Music\Music\My Music\iTunes\iTunes Music\Thrice\Vheissu\ImageInvisible.exe

uRunServices: [586377] C:\Users\Joe Blow\AppData\Local\586377.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avgnt] "C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hardcopy.LNK - C:\Non_MSApps\Hardcopy\hardcopy.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\JOEBLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ksmyaoan.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: C:\Users\Joe Blow\AppData\Roaming\Mozilla\Firefox\Profiles\ksmyaoan.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll

FF - plugin: C:\Users\Joe Blow\non_msapps\firefox366\plugins\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Users\Joe Blow\non_msapps\firefox366\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

C:\Users\Joe Blow\non_msapps\firefox366\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Users\Joe Blow\non_msapps\firefox366\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-3-8 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-4 203264]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\sched.exe [2010-9-27 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avguard.exe [2010-9-27 267432]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-9-27 81072]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]

R2 SBSDWSCService;SBSD Security Center Service;C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDWinSec.exe [2010-7-26 1153368]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-8 215040]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-8 36408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-8 30192]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-8 216576]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-11 1255736]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-10-06 20:20:18 0 ----a-w- C:\Users\Joe Blow\defogger_reenable

2010-09-29 04:33:08 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 04:33:08 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-09-28 19:11:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-28 19:11:57 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-27 17:26:15 -------- d-----w- C:\Users\JOEBLO~1\AppData\Roaming\Avira

2010-09-27 17:17:22 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-09-27 17:17:21 -------- d-----w- C:\PROGRA~3\Avira

2010-09-21 20:34:20 -------- d-----w- C:\Downloads

2010-09-17 23:38:03 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2010-09-17 23:37:52 -------- d-----w- C:\PROGRA~3\Hitman Pro

2010-09-17 23:37:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2010-09-17 23:35:54 -------- d-----w- C:\Program Files (x86)\Hitman Pro 3.5

2010-09-15 16:48:28 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-09-11 00:46:26 120 ----a-w- C:\Users\JOEBLO~1\AppData\Local\Eqeyogaxeyuva.dat

2010-09-11 00:46:26 0 ----a-w- C:\Users\JOEBLO~1\AppData\Local\Chokucudiro.bin

2010-09-11 00:46:25 -------- d-----w- C:\Users\JOEBLO~1\AppData\Local\{86AB6C0A-0C9F-43CC-A4D0-50D3A473A570}

2010-09-08 16:52:27 -------- d-----w- C:\Users\Joe Blow\To Be Deleted

2010-09-08 00:42:33 198 ----a-w- C:\Users\JOEBLO~1\AppData\Roaming\wklnhst.dat

2010-09-07 23:22:46 -------- d-----w- C:\Users\Joe Blow\SCANS

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-13 21:26:08 656240 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll

2010-07-13 21:26:08 648560 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll

============= FINISH: 13:24:24.98 ===============

Attach.zip

ark.zip


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Thank you for your help...

After closing all applications, ran OTL:

1. Received the following error message:

Access violation at address 00402975 in module 'OTL.EXE'. Read of address 00AFFFFC.

2. I continued anyway, selecting SCAN ALL USERS, and pasting the text requested to the CUSTOM SCAN box.

3. I got the following:

OTL.Txt

==========================================================================

OTL logfile created on: 10/11/2010 10:04:26 AM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Non_MSApps\OTL

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 182.77 Gb Total Space | 117.28 Gb Free Space | 64.17% Space Free | Partition Type: NTFS

Drive D: | 17.37 Gb Total Space | 2.82 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Drive E: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32

Drive G: | 29.30 Gb Total Space | 29.21 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Drive K: | 68.36 Gb Total Space | 68.27 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

Computer Name: JOEBLOW-PC | User Name: Joe Blow | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/11 09:54:12 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Non_MSApps\OTL\OTL.exe

PRC - [2010/09/08 15:57:05 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/05/10 04:54:38 | 001,725,440 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Non_MSApps\Hardcopy\hardcopy.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\sched.exe

PRC - [2009/10/06 00:08:42 | 000,210,216 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/08/25 19:34:30 | 000,015,544 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

PRC - [2009/05/26 16:46:10 | 001,159,168 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

PRC - [2009/03/23 17:02:50 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (SafeList) ==========

MOD - [2010/10/11 09:54:12 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Non_MSApps\OTL\OTL.exe

MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/04 21:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/21 18:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010/09/08 15:57:05 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/09/21 20:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/04 22:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/24 00:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/07/21 18:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/14 16:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/06/29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009/06/24 12:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/03/09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.excite.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {86AB6C0A-0C9F-43CC-A4D0-50D3A473A570}:1.9.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/07 20:43:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Users\Joe Blow\non_msapps\firefox366\components [2010/09/28 22:53:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Users\Joe Blow\non_msapps\firefox366\plugins [2010/09/16 13:43:30 | 000,000,000 | ---D | M]

[2010/07/07 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\Mozilla\Extensions

[2010/10/09 19:40:38 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\Mozilla\Firefox\Profiles\ksmyaoan.default\extensions

[2010/09/05 14:30:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Joe Blow\AppData\Roaming\Mozilla\Firefox\Profiles\ksmyaoan.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/18 23:08:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joe Blow\AppData\Roaming\Mozilla\Firefox\Profiles\ksmyaoan.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Non_MSApps\AntiVirus_Avira\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\Run: [spybotSD TeaTimer] C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [586377] C:\Users\Joe Blow\AppData\Local\586377.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [ConfigLogicLibraryHPSFConfig] c:\users\joe blow\appdata\local\hewlett-packard\hp support framework\resources\hpsfconfighpsfconfig1.0.0.0.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [DriverFrameworks2.1] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\microsoftframeworks2.1.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [EvenDont] c:\users\joe blow\music\mp3\aerosmith\pump\donteven.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [imageInvisible] C:\Users\Joe Blow\Music\Music\My Music\iTunes\iTunes Music\Thrice\Vheissu\ImageInvisible.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [mtmasktoolsawutided] C:\Users\Joe Blow\AppData\Local\586377.exe File not found

O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [Win32LFBMP12N] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\controlcenter\brccfreltdis12n.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Non_MSApps\Spybot162\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/27 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\Avira

[2010/09/27 10:17:23 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/09/27 10:17:23 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/09/27 10:17:22 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/09/27 10:17:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/09/27 10:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/09/21 13:34:20 | 000,000,000 | ---D | C] -- C:\Downloads

[2010/09/17 16:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/09/17 16:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/09/17 16:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5

[2010/09/10 17:46:25 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\{86AB6C0A-0C9F-43CC-A4D0-50D3A473A570}

[2010/09/08 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2010/09/08 09:52:27 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\To Be Deleted

[2010/09/07 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\Template

[2010/09/07 16:22:46 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\SCANS

[2010/09/06 11:08:59 | 000,000,000 | R--D | C] -- C:\Users\Joe Blow\AppData\Roaming\Brother

[2010/09/05 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\House_dirk

[2010/09/02 20:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2010/08/30 18:36:48 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Windows7

[2010/08/21 09:43:31 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\J2

[2010/08/19 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Documents\Travel

[2010/08/19 17:16:56 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Auto

[2010/08/15 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\Microsoft Help

[2010/08/12 19:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe

[2010/08/12 09:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe

[2010/08/12 09:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

[2010/08/08 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\ElevatedDiagnostics

[2010/08/08 16:57:33 | 000,220,968 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Touch_Tablet.dll

[2010/08/08 16:57:33 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\WTouch

[2010/08/08 16:56:32 | 000,656,240 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll

[2010/08/08 14:29:38 | 000,648,560 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll

[2010/08/07 13:19:32 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll

[2010/08/07 13:19:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx

[2010/08/07 13:19:24 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll

[2010/08/07 13:19:23 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll

[2010/08/07 13:19:22 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll

[2010/08/07 13:19:22 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll

[2010/08/07 13:19:22 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll

[2010/08/07 13:19:22 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll

[2010/08/07 13:19:21 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll

[2010/08/07 13:19:21 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll

[2010/08/07 13:19:21 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll

[2010/08/07 13:19:21 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll

[2010/08/07 13:19:19 | 001,560,064 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll

[2010/08/07 13:19:16 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll

[2010/08/07 13:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother

[2010/08/07 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\InstallShield

[2010/08/07 13:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother

[2010/08/07 11:48:03 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Computer

[2010/08/07 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\PDF Writer

[2010/08/07 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\PDF Writer

[2010/08/07 11:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer

[2010/08/07 11:46:04 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll

[2010/08/07 11:46:04 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll

[2010/08/07 11:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip

[2010/08/07 11:46:03 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll

[2010/08/07 11:46:01 | 000,214,016 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll

[2010/08/06 13:05:08 | 000,000,000 | R-SD | C] -- C:\Users\Joe Blow\Documents\My Stationery

[2010/08/05 22:58:48 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe

[2010/08/05 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Documents\auto

[2010/08/05 11:23:59 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Resume

[2010/07/28 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\Malwarebytes

[2010/07/28 18:24:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/07/28 18:24:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/07/28 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/26 18:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/07/26 18:56:02 | 000,000,000 | ---D | C] -- C:\Non_MSApps

[2010/07/24 07:52:30 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Documents\My PSP Files

[2010/07/24 07:52:30 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\Corel

[2010/07/22 13:34:06 | 000,000,000 | ---D | C] -- C:\Windows\REgistry_Backup

[2010/07/19 23:53:39 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\IsolatedStorage

[2010/07/16 10:08:51 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Roaming\WildTangent

[2010/07/14 14:52:51 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\Karyn

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/11 10:06:45 | 002,359,296 | -HS- | M] () -- C:\Users\Joe Blow\NTUSER.DAT

[2010/10/11 09:08:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/08 11:54:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/08 11:54:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/08 11:50:30 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/10/08 11:47:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/08 11:47:11 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/08 11:46:27 | 004,619,623 | -H-- | M] () -- C:\Users\Joe Blow\AppData\Local\IconCache.db

[2010/10/06 13:20:18 | 000,000,000 | ---- | M] () -- C:\Users\Joe Blow\defogger_reenable

[2010/10/06 11:06:27 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/27 10:17:38 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/26 21:00:57 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/22 11:11:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/22 11:11:04 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/22 11:11:04 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/15 13:54:26 | 000,019,808 | ---- | M] () -- C:\Users\Joe Blow\Desktop\JZRES201015.docx

[2010/09/14 09:13:08 | 000,000,120 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\Eqeyogaxeyuva.dat

[2010/09/14 09:13:08 | 000,000,000 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\Chokucudiro.bin

[2010/09/08 16:33:54 | 000,000,393 | ---- | M] () -- C:\Users\Joe Blow\Desktop\Portable (Z) - Shortcut.lnk

[2010/09/08 15:57:44 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Google Desktop.lnk

[2010/09/07 17:43:12 | 000,000,198 | ---- | M] () -- C:\Users\Joe Blow\AppData\Roaming\wklnhst.dat

[2010/09/05 19:15:13 | 000,003,770 | ---- | M] () -- C:\Users\Joe Blow\homedepot.rtf

[2010/09/01 18:35:50 | 000,052,819 | ---- | M] () -- C:\Users\Joe Blow\Unemployment_PhoneNum.pdf

[2010/09/01 18:30:28 | 000,064,760 | ---- | M] () -- C:\Users\Joe Blow\Unemployment_Confirmation.pdf

[2010/09/01 18:29:48 | 000,054,177 | ---- | M] () -- C:\Users\Joe Blow\Unemploymen2.pdf

[2010/09/01 18:28:41 | 000,053,913 | ---- | M] () -- C:\Users\Joe Blow\Unemploymen.pdf

[2010/08/15 11:46:46 | 000,048,640 | ---- | M] () -- C:\Users\Joe Blow\Desktop\bookclub.doc

[2010/08/12 19:23:40 | 000,002,119 | ---- | M] () -- C:\Users\Joe Blow\Desktop\LightScribe Simple Labeler.lnk

[2010/08/12 09:47:47 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk

[2010/08/12 09:38:45 | 000,375,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/11 21:17:01 | 000,001,028 | ---- | M] () -- C:\Users\Joe Blow\Desktop\Joe Blow - Shortcut (2).lnk

[2010/08/11 21:15:55 | 000,001,028 | ---- | M] () -- C:\Users\Joe Blow\Desktop\Joe Blow - Shortcut.lnk

[2010/08/07 13:20:38 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk

[2010/08/07 13:20:17 | 000,000,257 | ---- | M] () -- C:\Windows\Brpfx04a.ini

[2010/08/07 13:20:17 | 000,000,094 | ---- | M] () -- C:\Windows\brpcfx.ini

[2010/08/07 13:20:01 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2010/08/07 13:20:01 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI

[2010/08/07 13:19:32 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini

[2010/08/07 13:19:32 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08a.dat

[2010/08/05 22:59:24 | 000,002,083 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK

[2010/08/02 20:18:26 | 003,778,368 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000672.0

[2010/08/02 20:18:26 | 000,852,743 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000672.JPG

[2010/07/28 18:24:13 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/26 18:58:33 | 000,001,202 | ---- | M] () -- C:\Users\Joe Blow\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/07/26 18:58:33 | 000,001,178 | ---- | M] () -- C:\Users\Joe Blow\Desktop\Spybot - Search & Destroy.lnk

[2010/07/24 11:20:26 | 000,328,327 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000423.JPG

[2010/07/24 11:20:25 | 002,232,696 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000423.0

[2010/07/24 11:19:51 | 001,442,689 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.JPG

[2010/07/24 11:19:49 | 001,447,922 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.1

[2010/07/24 11:19:48 | 005,592,424 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.0

[2010/07/22 19:21:49 | 000,002,399 | ---- | M] () -- C:\Users\Joe Blow\Documents\ComptrollerNationalBanks.rtf

[2010/07/22 12:07:32 | 000,001,903 | ---- | M] () -- C:\Users\Joe Blow\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/18 07:43:15 | 003,819,158 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000566.0

[2010/07/18 07:43:15 | 001,012,537 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000566.JPG

[2010/07/13 14:26:08 | 000,656,240 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll

[2010/07/13 14:26:08 | 000,648,560 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 13:20:18 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\defogger_reenable

[2010/10/06 11:05:26 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/27 10:17:38 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/26 21:00:57 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/17 16:38:03 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/09/15 13:54:26 | 000,019,808 | ---- | C] () -- C:\Users\Joe Blow\Desktop\JZRES201015.docx

[2010/09/10 17:46:26 | 000,000,120 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\Eqeyogaxeyuva.dat

[2010/09/10 17:46:26 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\Chokucudiro.bin

[2010/09/08 16:33:54 | 000,000,393 | ---- | C] () -- C:\Users\Joe Blow\Desktop\Portable (Z) - Shortcut.lnk

[2010/09/08 15:57:44 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk

[2010/09/07 17:42:33 | 000,000,198 | ---- | C] () -- C:\Users\Joe Blow\AppData\Roaming\wklnhst.dat

[2010/09/05 13:24:19 | 000,003,770 | ---- | C] () -- C:\Users\Joe Blow\homedepot.rtf

[2010/09/01 18:36:28 | 000,060,416 | -HS- | C] () -- C:\Users\Joe Blow\Thumbs.db

[2010/09/01 18:35:50 | 000,052,819 | ---- | C] () -- C:\Users\Joe Blow\Unemployment_PhoneNum.pdf

[2010/09/01 18:30:28 | 000,064,760 | ---- | C] () -- C:\Users\Joe Blow\Unemployment_Confirmation.pdf

[2010/09/01 18:29:48 | 000,054,177 | ---- | C] () -- C:\Users\Joe Blow\Unemploymen2.pdf

[2010/09/01 18:28:41 | 000,053,913 | ---- | C] () -- C:\Users\Joe Blow\Unemploymen.pdf

[2010/08/15 11:46:45 | 000,048,640 | ---- | C] () -- C:\Users\Joe Blow\Desktop\bookclub.doc

[2010/08/12 19:23:40 | 000,002,119 | ---- | C] () -- C:\Users\Joe Blow\Desktop\LightScribe Simple Labeler.lnk

[2010/08/12 09:47:47 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk

[2010/08/11 21:17:01 | 000,001,028 | ---- | C] () -- C:\Users\Joe Blow\Desktop\Joe Blow - Shortcut (2).lnk

[2010/08/11 21:15:55 | 000,001,028 | ---- | C] () -- C:\Users\Joe Blow\Desktop\Joe Blow - Shortcut.lnk

[2010/08/07 13:22:51 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\Sti_Trace.log

[2010/08/07 13:20:38 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk

[2010/08/07 13:20:17 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2010/08/07 13:20:17 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2010/08/07 13:20:01 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/08/07 13:20:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/08/07 13:19:32 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf08a.dat

[2010/08/07 13:19:24 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2010/08/07 13:19:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2010/08/07 13:19:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010/08/07 13:19:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll

[2010/08/05 22:59:24 | 000,002,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK

[2010/08/02 20:18:26 | 003,778,368 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000672.0

[2010/08/02 20:18:26 | 000,852,743 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000672.JPG

[2010/07/28 18:24:13 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/26 18:58:33 | 000,001,202 | ---- | C] () -- C:\Users\Joe Blow\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/07/26 18:58:33 | 000,001,178 | ---- | C] () -- C:\Users\Joe Blow\Desktop\Spybot - Search & Destroy.lnk

[2010/07/24 11:20:25 | 002,232,696 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000423.0

[2010/07/24 11:20:25 | 000,328,327 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000423.JPG

[2010/07/24 11:19:50 | 001,447,922 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.1

[2010/07/24 11:19:48 | 005,592,424 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.0

[2010/07/24 11:19:48 | 001,442,689 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000413.JPG

[2010/07/22 19:13:09 | 000,002,399 | ---- | C] () -- C:\Users\Joe Blow\Documents\ComptrollerNationalBanks.rtf

[2010/07/18 07:43:15 | 003,819,158 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000566.0

[2010/07/18 07:43:15 | 001,012,537 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000566.JPG

[2010/07/13 01:48:28 | 004,789,352 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000313.0

[2010/07/13 01:48:28 | 000,886,765 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000313.JPG

[2010/07/13 01:47:45 | 000,811,242 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000320.JPG

[2010/07/13 01:47:44 | 003,652,364 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\tmpP1000320.0

[2010/07/07 20:43:15 | 000,000,764 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/07/07 20:29:33 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\QSwitch.txt

[2010/07/07 20:29:33 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\DSwitch.txt

[2010/07/07 20:29:33 | 000,000,000 | ---- | C] () -- C:\Users\Joe Blow\AppData\Local\AtStart.txt

[2010/07/07 20:29:31 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2010/03/08 01:42:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

[2010/03/08 01:42:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2010/03/08 01:42:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

[2010/03/08 01:42:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2010/03/08 01:41:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

[2010/03/08 01:38:13 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2010/03/08 01:38:13 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2010/03/08 01:38:13 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2010/03/08 01:38:13 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2010/03/08 01:38:13 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2010/03/08 01:38:13 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2010/03/08 01:13:29 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/03/08 01:13:29 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2009/10/30 22:36:55 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/10/30 22:33:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

[2009/10/30 22:32:14 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/10/30 22:31:42 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

[2009/09/29 15:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/08/19 20:35:28 | 000,005,994 | ---- | C] () -- C:\Windows\UN080717.INI

[2007/09/19 13:37:28 | 000,005,166 | ---- | C] () -- C:\Windows\UN070209.INI

========== LOP Check ==========

[2010/08/07 11:47:37 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\PDF Writer

[2010/09/07 17:59:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\Template

[2010/07/16 10:08:51 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\WildTangent

[2010/08/08 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Joe Blow\AppData\Roaming\WTouch

[2009/07/13 22:08:49 | 000,025,126 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2010/10/08 11:47:11 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/08 11:47:15 | 4022,542,336 | -HS- | M] () -- C:\pagefile.sys

[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

============================================================================

Extras.Txt

OTL Extras logfile created on: 10/11/2010 10:04:26 AM - Run 1

OTL by OldTimer - Version 3.2.15.0 Folder = C:\Non_MSApps\OTL

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 182.77 Gb Total Space | 117.28 Gb Free Space | 64.17% Space Free | Partition Type: NTFS

Drive D: | 17.37 Gb Total Space | 2.82 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Drive E: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32

Drive G: | 29.30 Gb Total Space | 29.21 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Drive K: | 68.36 Gb Total Space | 68.27 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

Computer Name: JOEBLOW-PC | User Name: Joe Blow | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1244228618-215558061-1820031025-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Users\Joe Blow\non_msapps\firefox366\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195

"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver

"HitmanPro35" = Hitman Pro 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation

"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista

"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW

"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 20

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153

"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New

"{3CD3B705-467B-408D-A09D-5BF61A59F088}" = HP MediaSmart/TouchSmart Netflix

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common

"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian

"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian

"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish

"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant

"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech

"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian

"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard

"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Google Desktop" = Google Desktop

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70

"Hardcopy(C__Non_MSApps_Hardcopy)" = Hardcopy (C:\Non_MSApps\Hardcopy)

"HitmanPro35" = Hitman Pro 3.5

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)

"Pen Tablet Driver" = Bamboo

"UN070209" = Uninstall of File Security Tool

"UN080717" = BUFFALO HD-CELU2 Connection Tool

"WildTangent hp Master Uninstall" = HP Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1244228618-215558061-1820031025-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HuluDesktop" = Hulu Desktop

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/12/2010 10:46:32 PM | Computer Name = JoeBlow-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 10:46:37 PM | Computer Name = JoeBlow-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 10:46:52 PM | Computer Name = JoeBlow-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/13/2010 1:16:11 PM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/16/2010 3:31:25 AM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/19/2010 12:20:03 PM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/19/2010 10:18:59 PM | Computer Name = JoeBlow-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/20/2010 10:31:26 AM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/21/2010 4:06:46 PM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/23/2010 10:07:42 PM | Computer Name = JoeBlow-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]

Error - 7/8/2010 11:18:12 PM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object

resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 9/25/2010 11:09:21 AM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object

A_0, EventArgs A_1)

Error - 9/25/2010 11:09:22 AM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object

A_0, EventArgs A_1)

Error - 10/8/2010 2:33:42 PM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object

A_0, EventArgs A_1)

Error - 10/8/2010 2:33:42 PM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object

A_0, EventArgs A_1)

Error - 10/8/2010 2:57:05 PM | Computer Name = JoeBlow-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object

A_0, EventArgs A_1)

[ System Events ]

Error - 9/27/2010 12:37:43 AM | Computer Name = JoeBlow-PC | Source = DCOM | ID = 10016

Description =

Error - 9/27/2010 2:37:28 AM | Computer Name = JoeBlow-PC | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.103

with the system having network hardware address 00-00-00-00-00-00. Network operations

on this system may be disrupted as a result.

Error - 9/27/2010 1:17:52 PM | Computer Name = JoeBlow-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for Start with the following error:

%%5

Error - 9/27/2010 1:25:11 PM | Computer Name = JoeBlow-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 9/27/2010 1:26:31 PM | Computer Name = JoeBlow-PC | Source = DCOM | ID = 10016

Description =

Error - 9/27/2010 2:17:25 PM | Computer Name = JoeBlow-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 9/27/2010 2:18:44 PM | Computer Name = JoeBlow-PC | Source = DCOM | ID = 10016

Description =

Error - 9/27/2010 6:15:47 PM | Computer Name = JoeBlow-PC | Source = DCOM | ID = 10016

Description =

Error - 9/27/2010 6:30:52 PM | Computer Name = JoeBlow-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for Start with the following error:

%%5

Error - 9/27/2010 6:32:33 PM | Computer Name = JoeBlow-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

< End of report >


Hi,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - prefs.js..extensions.enabledItems: {86AB6C0A-0C9F-43CC-A4D0-50D3A473A570}:1.9.1
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [586377] C:\Users\Joe Blow\AppData\Local\586377.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [ConfigLogicLibraryHPSFConfig] c:\users\joe blow\appdata\local\hewlett-packard\hp support framework\resources\hpsfconfighpsfconfig1.0.0.0.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [DriverFrameworks2.1] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\microsoftframeworks2.1.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [EvenDont] c:\users\joe blow\music\mp3\aerosmith\pump\donteven.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [ImageInvisible] C:\Users\Joe Blow\Music\Music\My Music\iTunes\iTunes Music\Thrice\Vheissu\ImageInvisible.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [mtmasktoolsawutided] C:\Users\Joe Blow\AppData\Local\586377.exe File not found
    O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [Win32LFBMP12N] c:\users\joe blow\appdata\local\temp\{9b0b26e4-8f55-4750-bbc9-2d11108adb65}\{20e970df-a7b2-4345-9deb-72213a29645e}\controlcenter\brccfreltdis12n.exe File not found
    [2010/09/10 17:46:25 | 000,000,000 | ---D | C] -- C:\Users\Joe Blow\AppData\Local\{86AB6C0A-0C9F-43CC-A4D0-50D3A473A570}
    [2010/09/14 09:13:08 | 000,000,120 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\Eqeyogaxeyuva.dat
    [2010/09/14 09:13:08 | 000,000,000 | ---- | M] () -- C:\Users\Joe Blow\AppData\Local\Chokucudiro.bin
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

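The fix script in the post above targets autorun (O4) entries whose target file is missing or sits in an unusual folder. The following Python code is an added example, not part of the original thread and not OTL's own logic: it parses O4 lines in that format and lists the reasons an entry deserves review. The heuristics, the function names and the `ExampleTray` line are assumptions made for illustration.

```python
import re

# Constructed sample: three O4 lines copied from the fix script in the thread,
# plus one constructed benign entry (ExampleTray) for contrast.
SAMPLE = r"""
O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [586377] C:\Users\Joe Blow\AppData\Local\586377.exe File not found
O4 - HKU\S-1-5-21-1244228618-215558061-1820031025-1001..\RunServices: [EvenDont] c:\users\joe blow\music\mp3\aerosmith\pump\donteven.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
"""

# O4 - <hive>..\<key>: [<value name>] <target path> [File not found | (vendor)]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKU\\[^.]+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
MISSING = "File not found"
# Assumed heuristic: folders a normal user can write to, or that hold data rather than programs.
USER_WRITABLE = ("\\appdata\\local\\", "\\temp\\", "\\music\\", "\\downloads\\")

def parse_o4(line):
    """Split one O4 autorun line into its fields, or return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    if missing:
        path = rest[: -len(MISSING)].strip()
    else:
        path = re.sub(r"\s*\([^()]*\)$", "", rest)  # drop trailing "(vendor)"
    return {"key": m["key"], "name": m["name"], "path": path, "missing": missing}

def triage(entry):
    """Return the reasons (assumed heuristics) an autorun entry needs review."""
    reasons = []
    path = entry["path"].lower()
    if entry["missing"]:
        reasons.append("target file missing")
    if not entry["name"]:
        reasons.append("empty value name")
    if entry["key"].lower().startswith("runservices"):
        reasons.append("RunServices key")
    if any(folder in path for folder in USER_WRITABLE):
        reasons.append("target in user-writable or data folder")
    if re.fullmatch(r"\d+\.exe", path.rsplit("\\", 1)[-1]):
        reasons.append("all-digit file name")
    return reasons

def scan(text):
    """Parse every O4 line in text and pair each value name with its reasons."""
    entries = filter(None, map(parse_o4, text.splitlines()))
    return [(e["name"], triage(e)) for e in entries]
```

Calling `scan(SAMPLE)` returns one `(value name, reasons)` pair per O4 line; an empty reasons list means none of the assumed heuristics fired.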

After running OTL, I rebooted the machine. An OTL window appeared with a blank desktop. I closed the window and proceeded with MWB.

From MWB:

Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==========================

Online Scan reported No threats found.

Scan Time: 2:36:05


Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :welcome:

Open OTL

  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]


  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :blink:


Hi,

You're welcome. Glad I could help. :welcome:

If you don't mind me asking, what in particular was removed from my machine?

A Firefox hijacker. You shouldn't have had the redirection in another browser, for example Internet Explorer, Opera or Google Chrome.

Is this something that would have been put on simply by going to a website?

I'm afraid that's impossible to tell.


  • 3 weeks later...
This topic is now closed to further replies.