WiredWX Christian Hobby Weather Tools

Program shutting down

While I was trying to resolve an issue with my laptop, I noticed Adobe Reader kept shutting down. I am unable to print and view PDFs. Then somehow my Microsoft Word disappeared and Works was somehow on there. I repaired the Microsoft Office program, but there is still an issue with Reader. I think there might be something wrong... Your help is appreciated (:

Here are my logs:
OTL logfile created on: 2/28/2012 9:24:12 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Sonia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.86% Memory free
7.98 Gb Paging File | 6.29 Gb Available in Paging File | 78.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.25 Gb Total Space | 445.91 Gb Free Space | 76.32% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 2.16 Gb Free Space | 18.24% Space Free | Partition Type: NTFS

Computer Name: MALDONADO2 | User Name: Sonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/27 12:22:25 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sonia\Downloads\OTL.com
PRC - [2012/02/23 10:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/02/23 10:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Sonia\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 10:36:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/16 08:39:06 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/28 14:24:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/20 04:59:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/08/20 04:58:51 | 000,985,984 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
PRC - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2002/09/17 18:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 10:32:27 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/18 12:11:20 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2012/02/15 03:36:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/15 03:30:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 03:29:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 03:29:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 03:29:41 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 03:29:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 03:29:19 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 03:29:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 03:29:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 03:28:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 03:28:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/04 16:51:30 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/10/14 08:29:06 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011/10/14 08:28:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/29 23:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/29 23:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/29 23:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/29 23:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/29 23:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/29 23:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/29 23:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/29 23:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/05/26 02:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/23 10:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/02/10 14:12:59 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/16 08:39:06 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/28 14:24:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/20 04:59:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/27 21:02:03 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/02/23 10:12:43 | 000,817,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/02/23 10:12:42 | 000,335,704 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/02/23 10:11:04 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/02/23 10:10:43 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/02/23 10:10:38 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/02/23 10:10:19 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC)
DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/20 04:59:18 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/20 04:59:18 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 08:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/16 05:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/01/09 13:28:42 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\incdrm.sys -- (incdrm)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z149&install_date=20110914
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:7.1.0.5277
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1407
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20110914&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sonia\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sonia\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 16:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 10:36:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/02/26 11:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 23:07:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/22 10:49:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 16:57:43 | 000,000,000 | ---D | M]

[2009/12/01 14:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonia\AppData\Roaming\Mozilla\Extensions
[2012/02/28 09:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\extensions
[2011/09/14 17:40:15 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/11/19 17:59:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/21 09:36:18 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/09/18 21:14:08 | 000,000,000 | ---D | M] ("Upromise TurboSaver") -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\extensions\FFToolbar@upromise
[2010/01/25 07:19:43 | 000,002,425 | ---- | M] () -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\searchplugins\askcom.xml
[2011/09/14 17:40:20 | 000,001,945 | ---- | M] () -- C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\searchplugins\bing-zugo.xml
[2011/10/21 18:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/12 14:34:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/04 07:14:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 13:54:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 15:46:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/23 08:22:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 18:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/16 08:44:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/03 17:54:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/21 18:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/02/26 11:26:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/06 10:36:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/15 22:00:51 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/15 22:00:51 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sonia\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sonia\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sonia\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Sonia\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Sonia\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Sonia\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sonia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EBD35A3-A21D-4831-A4D2-79945BEA675C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a02861a-ac0f-11df-85d5-406186308c94}\Shell - "" = AutoRun
O33 - MountPoints2\{1a02861a-ac0f-11df-85d5-406186308c94}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: atashost - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {39314FA5-6A49-8B8B-3C22-7E0235B7FEF3} - Microsoft Windows Media Player
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9B4EB1B0-FE05-169E-40A7-778134F4B401} - Offline Browsing Pack
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5778BDD-5723-89D7-2188-03C796EACE24} - Microsoft Windows Media Player 12.0
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {F9EAD078-D2C2-07D9-D835-A6850401B797} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{8CC2FDC0-0C5D-11D7-AD8E-0050DA87D0EB}S25425 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

Re: Program shutting down

[2012/02/28 14:19:55 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\Sonia\Desktop\OTLPEStd(2).exe
[2012/02/28 09:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012/02/27 21:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/02/27 21:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2012/02/27 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/02/27 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISO Burner
[2012/02/26 11:26:50 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/26 11:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/22 17:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/20 15:14:53 | 000,000,000 | ---D | C] -- C:\Users\Sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/15 01:15:56 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 01:15:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 01:15:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 01:15:48 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 01:15:31 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 01:15:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 01:15:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 01:15:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 01:15:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 01:15:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 01:15:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/07 15:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaFACE 4.0
[2012/02/07 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Fellowes
[2012/02/07 15:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fellowes
[2012/02/07 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Sonia\Documents\Avery Templates
[2012/02/07 13:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/02/06 15:21:31 | 000,000,000 | ---D | C] -- C:\Users\Sonia\AppData\Local\MicroVision Applications
[2012/02/06 12:57:24 | 000,289,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/02/06 12:57:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2012/02/06 12:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SureThing Shared
[2012/02/06 12:57:24 | 000,000,000 | ---D | C] -- C:\Windows\MVUNINST
[2012/02/04 16:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/04 16:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/31 10:13:23 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 10:13:22 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 10:13:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 10:13:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 10:13:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/31 10:13:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2009/11/30 11:23:48 | 000,198,528 | ---- | C] () -- C:\Users\Sonia\AppData\Local\GDIPFONTCACHEV1.DAT
[4 C:\Users\Sonia\Documents\*.tmp files -> C:\Users\Sonia\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 21:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001UA.job
[2012/02/28 21:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 19:01:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 19:01:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 18:54:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 18:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 18:53:28 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 18:44:54 | 000,000,031 | ---- | M] () -- C:\Windows\MCDB.ini
[2012/02/28 15:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001Core.job
[2012/02/28 14:23:10 | 098,385,920 | ---- | M] () -- C:\dvdcd.iso
[2012/02/28 14:20:23 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Sonia\Desktop\OTLPEStd(2).exe
[2012/02/28 10:27:54 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/02/27 21:02:03 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012/02/27 20:31:47 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\dvdwincd20.dll
[2012/02/27 20:30:10 | 000,001,818 | ---- | M] () -- C:\Users\Sonia\Desktop\ISO Burner v8.23.lnk
[2012/02/26 11:58:54 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/26 11:26:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/26 11:25:38 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/25 02:56:52 | 000,505,072 | ---- | M] () -- C:\Users\Sonia\Desktop\Sonia tax.bmp
[2012/02/25 02:53:53 | 000,173,045 | ---- | M] () -- C:\Users\Sonia\Desktop\Sonia tax.psd
[2012/02/24 23:19:14 | 004,375,552 | ---- | M] () -- C:\Users\Sonia\Desktop\Ely.pmd
[2012/02/23 10:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 10:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/23 10:23:10 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/23 10:12:43 | 000,817,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/23 10:12:42 | 000,335,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/23 10:11:04 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/23 10:10:43 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/23 10:10:38 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/23 10:10:19 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/22 17:26:21 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/22 17:26:21 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/22 10:32:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/20 15:14:54 | 000,002,318 | ---- | M] () -- C:\Users\Sonia\Desktop\Google Chrome.lnk
[2012/02/18 12:05:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSonia.job
[2012/02/15 03:24:06 | 000,645,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 03:05:02 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/15 03:05:02 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/15 03:05:02 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/07 15:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\MediaFACE 4.0 Design Wizard.lnk
[2012/02/06 17:30:13 | 000,234,033 | ---- | M] () -- C:\Users\Sonia\Documents\back2.std
[2012/02/06 16:29:04 | 000,212,291 | ---- | M] () -- C:\Users\Sonia\Documents\one.std
[2012/02/06 15:25:43 | 000,250,288 | ---- | M] () -- C:\Users\Sonia\Desktop\back.jpg
[2012/02/06 15:25:43 | 000,210,347 | ---- | M] () -- C:\Users\Sonia\Desktop\front.jpg
[2012/02/04 16:51:37 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[4 C:\Users\Sonia\Documents\*.tmp files -> C:\Users\Sonia\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 21:02:03 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012/02/27 20:51:26 | 098,385,920 | ---- | C] () -- C:\dvdcd.iso
[2012/02/27 20:31:48 | 000,000,031 | ---- | C] () -- C:\Windows\MCDB.ini
[2012/02/27 20:31:47 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\dvdwincd20.dll
[2012/02/27 20:30:10 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Burner v8.23.lnk
[2012/02/27 20:30:10 | 000,001,818 | ---- | C] () -- C:\Users\Sonia\Desktop\ISO Burner v8.23.lnk
[2012/02/27 20:30:10 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\DVDCD.dll
[2012/02/26 11:25:38 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/25 02:56:49 | 000,505,072 | ---- | C] () -- C:\Users\Sonia\Desktop\Sonia tax.bmp
[2012/02/25 02:53:53 | 000,173,045 | ---- | C] () -- C:\Users\Sonia\Desktop\Sonia tax.psd
[2012/02/22 10:49:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/22 10:49:18 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/20 15:14:54 | 000,002,318 | ---- | C] () -- C:\Users\Sonia\Desktop\Google Chrome.lnk
[2012/02/20 15:14:24 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001UA.job
[2012/02/20 15:14:24 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001Core.job
[2012/02/20 15:00:21 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/20 15:00:20 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/14 14:23:35 | 004,375,552 | ---- | C] () -- C:\Users\Sonia\Desktop\Ely.pmd
[2012/02/07 15:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\MediaFACE 4.0 Design Wizard.lnk
[2012/02/06 17:30:13 | 000,234,033 | ---- | C] () -- C:\Users\Sonia\Documents\back2.std
[2012/02/06 16:29:04 | 000,212,291 | ---- | C] () -- C:\Users\Sonia\Documents\one.std
[2012/02/04 19:46:22 | 000,250,288 | ---- | C] () -- C:\Users\Sonia\Desktop\back.jpg
[2012/02/04 19:46:20 | 000,210,347 | ---- | C] () -- C:\Users\Sonia\Desktop\front.jpg
[2012/02/04 16:51:37 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/10/03 12:09:48 | 000,000,093 | ---- | C] () -- C:\Users\Sonia\AppData\Local\fusioncache.dat
[2011/10/03 11:34:05 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/03 11:32:51 | 000,000,011 | ---- | C] () -- C:\Windows\PrintWorkShop2004.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/24 14:52:54 | 000,869,811 | ---- | C] () -- C:\Users\Sonia\AppData\Local\tmp002EDIT2.0
[2011/03/24 14:52:54 | 000,372,999 | ---- | C] () -- C:\Users\Sonia\AppData\Local\tmp002EDIT2.JPG
[2010/09/08 16:57:28 | 000,023,142 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/09/08 16:35:36 | 000,165,449 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/09/08 16:35:36 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/13 10:00:53 | 000,000,094 | -H-- | C] () -- C:\Windows\SysWow64\spv1_WCssg.ini
[2010/05/18 14:06:15 | 000,002,669 | ---- | C] () -- C:\Users\Sonia\AppData\Local\tmpFDT.FCGI.0
[2010/05/18 14:06:15 | 000,001,621 | ---- | C] () -- C:\Users\Sonia\AppData\Local\tmpFDT.FCGI.JPG
[2010/04/28 17:11:40 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/04/28 17:11:40 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/04/28 17:11:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/04/28 17:11:40 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/04/05 20:11:18 | 000,059,634 | ---- | C] () -- C:\Users\Sonia\AppData\Local\tmpNEW-7.JPG
[2010/03/12 14:35:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/28 14:20:23 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Sonia\Desktop\OTLPEStd(2).exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/02/02 10:18:51 | 001,084,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Sonia\APEX9_Win_WEB_WWEFG.exe
[2011/02/14 11:54:21 | 000,072,080 | ---- | M] () -- C:\Users\Sonia\g2mdlhlpx.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/02/18 12:11:20 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/02/18 12:11:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/02/18 12:11:20 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/12/02 11:44:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2012/02/22 10:49:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/02/04 14:11:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Agatha Christie - Peril at End House
[2009/12/25 21:39:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ahead
[2011/12/30 19:59:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/07/12 12:07:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/02/02 20:04:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\bfgclient
[2011/10/12 08:19:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/02/14 11:54:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2012/02/06 12:57:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/09/14 17:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Complitly
[2010/06/13 11:42:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2009/08/20 04:28:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2012/02/07 15:32:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fellowes
[2011/11/17 10:07:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/02/04 16:51:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/11/05 15:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\hp
[2010/06/13 10:00:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2012/02/27 21:01:32 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/15 03:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/02/27 20:30:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ISO Burner
[2011/12/21 10:03:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/10/21 18:49:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/08/20 04:53:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JunoPreloader
[2012/02/27 21:01:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LSoft Technologies
[2012/02/22 17:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2011/06/30 20:13:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/02/16 10:50:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/02/24 10:56:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/12/15 23:03:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/25 02:01:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/18 12:11:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/08/20 04:57:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2009/12/01 23:03:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/02/02 21:33:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Murder She Wrote
[2010/10/12 08:23:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Swift Sound
[2009/08/20 04:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZeroPreloader
[2009/08/20 04:59:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2009/08/20 04:58:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/02/11 15:19:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oberon Media
[2010/03/19 16:32:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2009/08/20 04:34:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2010/01/09 18:56:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayFirst
[2011/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/12/06 10:37:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/08/20 04:21:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/05/02 19:04:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shockwave.com
[2010/03/12 14:34:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/02/21 23:08:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpywareBlaster
[2010/02/02 20:05:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Super Granny 3
[2009/08/20 04:43:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2009/08/20 04:21:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2010/04/28 17:11:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trojan Remover
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/07/09 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/07/09 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/07/09 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/07/09 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/07/09 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/01/23 12:34:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 07:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 07:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 06:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 06:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 00:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 00:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 00:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 00:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 00:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 00:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 07:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 07:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/18 12:11:20 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/18 12:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:89CF6F9C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:084B0270
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:086DE893
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EC855C73
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D63538E3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:F264BECE

Re: Program shutting down

OTL Extras logfile created on: 2/28/2012 9:34:58 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Sonia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.76% Memory free
7.98 Gb Paging File | 6.17 Gb Available in Paging File | 77.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.25 Gb Total Space | 446.48 Gb Free Space | 76.42% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 2.16 Gb Free Space | 18.24% Space Free | Partition Type: NTFS

Computer Name: MALDONADO2 | User Name: Sonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
"{A421348C-43DF-46F8-8024-7ABC9F92A682}" = HP Printer Quality Research Study
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"avast" = avast! Free Antivirus
"BFG-Agatha Christie - Peril at End House" = Agatha Christie: Peril at End House
"BFGC" = Big Fish Games: Game Manager
"BFG-Murder She Wrote" = Murder, She Wrote
"BFG-Super Granny 3" = Super Granny 3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diner Dash Hometown Hero - Gourmet" = Diner Dash Hometown Hero - Gourmet
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"ISO Burner v8.23 (Trial version)" = ISO Burner v8.23 (Trial version)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"MRW!UninstallKey" = InCD EasyWrite Reader (Ahead Software)
"NIS" = Norton Internet Security
"PROR" = Microsoft Office Professional 2007
"RealPlayer 15.0" = RealPlayer
"Sara's Super Spa Deluxe" = Sara's Super Spa Deluxe
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Switch" = Switch Sound File Converter
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Wedding Dash 2" = Wedding Dash 2
"WildTangent hp Master Uninstall" = HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2010 9:30:37 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 12/9/2010 9:30:37 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 12/9/2010 9:30:38 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/9/2010 9:30:38 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012

Error - 12/9/2010 9:30:38 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

Error - 12/9/2010 9:30:39 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/9/2010 9:30:39 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3010

Error - 12/9/2010 9:30:39 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3010

Error - 12/9/2010 9:30:40 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/9/2010 9:30:40 PM | Computer Name = Maldonado2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009

[ Hewlett-Packard Events ]
Error - 4/29/2011 4:37:39 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041129033733.xml
File not created by asset agent

Error - 5/13/2011 9:44:41 AM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051113084438.xml
File not created by asset agent

Error - 6/3/2011 9:34:49 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061103083440.xml
File not created by asset agent

Error - 6/10/2011 9:06:56 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061110080654.xml
File not created by asset agent

Error - 6/10/2011 9:06:59 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061110080657.xml
File not created by asset agent

Error - 6/17/2011 9:18:59 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061117081856.xml
File not created by asset agent

Error - 6/17/2011 9:19:01 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061117081859.xml
File not created by asset agent

Error - 7/29/2011 9:58:48 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071129085845.xml
File not created by asset agent

Error - 8/6/2011 3:43:20 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081106024317.xml
File not created by asset agent

Error - 9/9/2011 9:18:45 PM | Computer Name = Maldonado2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109081836.xml
File not created by asset agent

[ OSession Events ]
Error - 1/23/2010 11:05:26 PM | Computer Name = Maldonado2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 480
seconds with 420 seconds of active time. This session ended with a crash.

Error - 2/10/2010 2:01:55 PM | Computer Name = Maldonado2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/10/2010 2:02:09 PM | Computer Name = Maldonado2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/10/2010 2:03:54 PM | Computer Name = Maldonado2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/28/2012 10:58:41 AM | Computer Name = Maldonado2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
incdrm SRTSP

Error - 2/28/2012 8:43:53 PM | Computer Name = Maldonado2 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/28/2012 8:44:02 PM | Computer Name = Maldonado2 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/28/2012 8:44:11 PM | Computer Name = Maldonado2 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/28/2012 8:44:20 PM | Computer Name = Maldonado2 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/28/2012 8:53:25 PM | Computer Name = Maldonado2 | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 2/28/2012 8:53:25 PM | Computer Name = Maldonado2 | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 2/28/2012 8:53:25 PM | Computer Name = Maldonado2 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\incdrm.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 2/28/2012 8:53:30 PM | Computer Name = Maldonado2 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\incdrm.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 2/28/2012 8:54:01 PM | Computer Name = Maldonado2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
incdrm SRTSP


< End of report >

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 21:47:47
-----------------------------
21:47:47.596 OS Version: Windows x64 6.1.7601 Service Pack 1
21:47:47.597 Number of processors: 2 586 0x170A
21:47:47.598 ComputerName: MALDONADO2 UserName: Sonia
21:47:49.616 Initialize success
21:47:53.263 AVAST engine defs: 12022802
21:48:00.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:00.220 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
21:48:00.235 Disk 0 MBR read successfully
21:48:00.239 Disk 0 MBR scan
21:48:00.245 Disk 0 unknown MBR code
21:48:00.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:48:00.267 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598269 MB offset 206848
21:48:00.302 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12109 MB offset 1225461760
21:48:00.354 Disk 0 scanning C:\Windows\system32\drivers
21:48:11.255 Service scanning
21:48:23.272 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:48:27.008 Modules scanning
21:48:27.023 Disk 0 trace - called modules:
21:48:27.043 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046ca2c0]<<
21:48:27.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800496a410]
21:48:27.053 3 CLASSPNP.SYS[fffff88001bb143f] -> nt!IofCallDriver -> [0xfffffa80047b5e40]
21:48:27.057 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004799060]
21:48:27.062 \Driver\atapi[0xfffffa800478b4b0] -> IRP_MJ_CREATE -> 0xfffffa80046ca2c0
21:48:28.174 AVAST engine scan C:\Windows
21:48:31.589 AVAST engine scan C:\Windows\system32
21:50:29.299 AVAST engine scan C:\Windows\system32\drivers
21:50:39.073 AVAST engine scan C:\Users\Sonia
22:11:49.185 AVAST engine scan C:\ProgramData
22:19:04.374 Scan finished successfully
22:19:23.182 Disk 0 MBR has been saved successfully to "C:\Users\Sonia\Desktop\MBR.dat"
22:19:23.191 The log file has been saved successfully to "C:\Users\Sonia\Desktop\aswMBR.txt"

Re: Program shutting down
Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Norton Internet Security
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
Trojan Remover 6.8.1
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (3.6.27) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

Re: Program shutting down
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.

• It will open a black window...please do not fix anything (if it gives you an option).

• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.

• Please copy and paste the contents of that log in your next reply.

Re: Program shutting down
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 23:30:44
-----------------------------
23:30:44.949 OS Version: Windows x64 6.1.7601 Service Pack 1
23:30:44.949 Number of processors: 2 586 0x170A
23:30:44.950 ComputerName: MALDONADO2 UserName: Sonia
23:30:48.827 Initialize success
23:30:51.619 AVAST engine defs: 12030501
23:31:33.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:31:33.613 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
23:31:33.625 Disk 0 MBR read successfully
23:31:33.628 Disk 0 MBR scan
23:31:33.631 Disk 0 unknown MBR code
23:31:33.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:31:33.649 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598269 MB offset 206848
23:31:33.676 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12109 MB offset 1225461760
23:31:33.714 Disk 0 scanning C:\Windows\system32\drivers
23:31:40.876 Service scanning
23:31:53.111 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:31:57.266 Modules scanning
23:31:57.267 Disk 0 trace - called modules:
23:31:57.274 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a832c0]<<
23:31:57.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004969390]
23:31:57.275 3 CLASSPNP.SYS[fffff88001b6c43f] -> nt!IofCallDriver -> [0xfffffa80047b0520]
23:31:57.275 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004798060]
23:31:57.276 \Driver\atapi[0xfffffa800478acb0] -> IRP_MJ_CREATE -> 0xfffffa8003a832c0
23:31:59.572 AVAST engine scan C:\Windows
23:32:03.513 AVAST engine scan C:\Windows\system32
23:36:32.341 AVAST engine scan C:\Windows\system32\drivers
23:36:42.887 AVAST engine scan C:\Users\Sonia
23:54:40.963 AVAST engine scan C:\ProgramData
00:04:20.742 Scan finished successfully
00:11:36.654 Disk 0 MBR has been saved successfully to "C:\Users\Sonia\Desktop\MBR.dat"
00:11:36.654 The log file has been saved successfully to "C:\Users\Sonia\Desktop\aswMBR.txt"


Re: Program shutting down
Please run the MBRCheck.exe instead of the aswMBR.exe

Re: Program shutting down
Sorry, I overlooked that ):

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: NY542AA-ABA s5220f
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 192):

Processes (total 105):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`16200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 06918A6FF4BC349DF0E59C28556DD5032C88E9C9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Program shutting down
Please boot to the System Recovery Options.
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer, and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead; in that case use method one (by pressing F8 before Windows starts loading)...
NOTE: If none of the above apply, you can create a System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt


Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.

Re: Program shutting down
Followed the instructions and received the message that the operation was fixed properly. Tried to view a pdf and print it, but it shut down again ):

Re: Program shutting down
Please run MBRCheck.exe again and post the log.

I just noticed that you have Norton Internet Security and avast! Free Antivirus. I should warn you to only have one AV program activated at any time on your computer; otherwise they will cause conflicts.

"Tried to view a pdf and print it, but it shut down again"

Did you try uninstalling and re-installing Adobe?

Re: Program shutting down
I uninstalled Norton's even though I wasn't using it. It came with the computer and just never took action.

I reinstalled Adobe Reader before and it still didn't work. I tried it again today and still have the same problem. I tried troubleshooting the compatibility with Windows, but there are no options for Windows 7. It automatically uses Windows XP Service Pack 2. The program worked before but now doesn't, so I still don't know what to do.

Re: Program shutting down
Could you please run MBRCheck.exe again and post the log?

Re: Program shutting down
I installed the new Internet Explorer just in case it was my Mozilla browser, now Explorer is doing the same thing as the Adobe Reader. ;(

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: NY542AA-ABA s5220f
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 189):

Processes (total 80):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`16200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
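
The two MBRCheck runs above differ in the MBR status and SHA1 while the C: and D: offsets stay the same, which is what `bootrec /fixmbr` is expected to produce: new boot code, untouched partition table. The following is an added example, not part of the original posts and not MBRCheck's own logic, that performs that before/after check on two saved 512-byte sector images. Assumptions: the classic MBR layout, a hash over the first 440 bytes (so it will not reproduce the SHA1 values MBRCheck prints), and constructed sample sectors whose partition start sectors are chosen to match the offsets in the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bootstrap code area (assumed hash region)
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
SIGNATURE_OFF = 510     # boot signature bytes 0x55 0xAA


def parse_mbr(sector):
    """Parse one 512-byte MBR sector into a boot-code hash and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        boot_flag, part_type = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if part_type == 0x00:
            continue  # unused slot
        partitions.append({
            "index": index,
            "active": boot_flag == 0x80,
            "flag_valid": boot_flag in (0x00, 0x80),
            "type": part_type,
            "byte_offset": lba_start * SECTOR_SIZE,
            "byte_length": sector_count * SECTOR_SIZE,
        })
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"boot_code_sha1": digest, "partitions": partitions}


def compare_mbr(baseline, current):
    """Return a list of human-readable differences between two parsed MBRs."""
    findings = []
    if baseline["boot_code_sha1"] != current["boot_code_sha1"]:
        findings.append("boot code changed: %s -> %s"
                        % (baseline["boot_code_sha1"], current["boot_code_sha1"]))
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    for part in current["partitions"]:
        if not part["flag_valid"]:
            findings.append("partition %d has an invalid boot flag" % part["index"])
    return findings


def build_sample_sector(boot_code):
    """Build a CONSTRUCTED sector: filler boot code plus two NTFS entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entries = [
        # (boot flag, type 0x07 = NTFS, start LBA, sector count)
        (0x80, 0x07, 0x32800, 0x4907E800),     # 0x32800 * 512 = 0x06500000 (C:)
        (0x00, 0x07, 0x490B1000, 0x017A9000),  # 0x490B1000 * 512 = 0x9216200000 (D:)
    ]
    for index, (flag, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * index
        sector[off] = flag
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed filler bytes, not real boot code: "before" and "after" differ
# only in the bootstrap area, as after a boot-code rewrite.
SAMPLE_BEFORE = build_sample_sector(b"\x90" * 63 + b"\xcc")
SAMPLE_AFTER = build_sample_sector(b"\x90" * 64)

if __name__ == "__main__":
    before, after = parse_mbr(SAMPLE_BEFORE), parse_mbr(SAMPLE_AFTER)
    for part in after["partitions"]:
        print("partition %d at offset 0x%X" % (part["index"], part["byte_offset"]))
    for finding in compare_mbr(before, after):
        print(finding)
```
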

Re: Program shutting down
Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial on how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Program shutting down
ComboFix 12-03-12.03 - Sonia 03/12/2012 15:34:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2680 [GMT -5:00]
Running from: c:\users\Sonia\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sonia\Documents\~WRL0001.tmp
c:\users\Sonia\Documents\~WRL0003.tmp
c:\users\Sonia\Documents\~WRL0004.tmp
c:\users\Sonia\Documents\~WRL3518.tmp
c:\users\Sonia\Documents\~WRL3526.tmp
c:\users\Sonia\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\dvdwincd20.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 04:32 . 2010-05-04 13:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 16:23 . 2011-02-16 15:02 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2009-12-01 20:47 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2011-02-16 15:03 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-05-23 14:03 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2009-12-01 20:47 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2009-12-01 20:47 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2009-12-01 20:47 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2009-12-01 20:47 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2009-11-30 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 16:32 . 2011-05-20 18:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-17 01:00 . 2012-01-17 01:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-17 01:00 . 2012-01-17 01:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-17 00:59 . 2010-03-19 01:54 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Akamai NetSession Interface"="c:\users\Sonia\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-06 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"MediaFace Integration"="c:\program files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe" [2002-09-18 53248]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-02-23 4031368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-3-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-05-16 133944]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 01:20]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 01:20]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001Core.job
- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 21:14]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486176431-360720841-4029466012-1001UA.job
- c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 21:14]
.
2012-03-10 c:\windows\Tasks\HPCeeScheduleForSonia.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-08-25 14:46 167416 ----a-w- c:\users\Sonia\AppData\Roaming\Complitly\64\Complitly64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\4m3fflu0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20110914&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-12 17:06:15 - machine was rebooted
.
Pre-Run: 478,637,928,448 bytes free
Post-Run: 487,371,100,160 bytes free
.

Re: Program shutting down

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Program shutting down

Last night I ran the Rooter and it just stayed on "please wait...".

Ran it again this morning and it is still on "please wait...".

Does it take that long, or is the program not working? Thanks.

Re: Program shutting down

Ok. Let's try this one.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.


  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

Re: Program shutting down

I had 47 unknown hidden files, but they were not check marked. This was the suggestion:

Removable: Yes (but clean up not recommended for this file) These files are not automatically marked for removal.

Sophos does not recognize these files and recommends that you do not remove them.

If you are unsure what to do about some of these files, follow the instructions in Technical Support to send the log and archive files to Sophos for further analysis.

There also was not an option for me to check mark running processes... I ran the scan just in case...

So I am not sure whether or not to clean them up....

Re: Program shutting down

So I am not sure whether or not to clean them up....

No, just leave them.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.
• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Program shutting down

The scan could not run - received an error message: Can not get update. Is proxy configured?

Re: Program shutting down

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Re: Program shutting down

I attached the log. There were no infections found. I also went back to Adobe Reader 9 to see if this would help. The pdf is not shutting down, but I am getting an error message about not being able to be opened in the Web browser and about exiting the program. The pdf does show up and I am able to print for now. My Internet Explorer is working also now. Do you think the Reader 10 was the problem? BUT I am still getting an error, so not sure. Should I just leave it alone?

Re: Program shutting down

Do you think the Reader 10 was the problem? BUT I am still getting an error, so not sure. Should I just leave it alone?

I have no idea what this error is about, but I'm quite sure it's not malware related. Perhaps a thread in a software forum would help. Let's do some cleanup.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Program shutting down

Thank you so much for all your help. I am thankful that there is no malware on my computer. I took the precautions you suggested and will post on the software forum for a solution.

Re: Program shutting down

lachatnoir wrote:
Thank you so much for all your help. I am thankful that there is no malware on my computer. I took the precautions you suggested and will post on the software forum for a solution.


You're welcome. Stay safe.
